Add NoSameOwner option when unpacking tars

When unpacking a TAR archive, containerd preserves file's owner: https://github.com/containerd/containerd/blob/main/archive/tar.go#L384 In some cases this behavior is not desired. In current implementation we avoid `Lchown` on Windows. Another case when this should be skipped is when using native snapshotter on darwin and running as non-root user. This PR extracts a generic option - `WithNoSameOwner` (same as `tar --no-same-owner`) to skip `Lchown` when its not required. Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2022-09-09 15:46:18 -07:00
parent f4a905109b
commit 0f51aa874d
6 changed files with 42 additions and 12 deletions
--- a/diff/apply/apply_darwin.go
+++ b/diff/apply/apply_darwin.go
@@ -19,6 +19,7 @@ package apply
 import (
 	"context"
 	"io"
+	"os"

 	"github.com/containerd/containerd/archive"
 	"github.com/containerd/containerd/mount"
@@ -28,8 +29,14 @@ func apply(ctx context.Context, mounts []mount.Mount, r io.Reader) error {
 	// We currently do not support mounts nor bind mounts on MacOS in the containerd daemon.
 	// Using this as an exception to enable native snapshotter and allow further research.
 	if len(mounts) == 1 && mounts[0].Type == "bind" {
+		opts := []archive.ApplyOpt{}
+
+		if os.Getuid() != 0 {
+			opts = append(opts, archive.WithNoSameOwner())
+		}
+
 		path := mounts[0].Source
-		_, err := archive.Apply(ctx, path, r)
+		_, err := archive.Apply(ctx, path, r, opts...)
 		return err
 	}