83 lines
3.0 KiB
Diff
83 lines
3.0 KiB
Diff
From 9ddd6e47a90ac056d242969ff72bf75a43cc0004 Mon Sep 17 00:00:00 2001
|
|
From: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
|
|
Date: Thu, 29 Nov 2018 16:14:35 +0900
|
|
Subject: [PATCH] pkg/archive: [backport] fix TestTarUntarWithXattr failure on recent
|
|
kernel
|
|
|
|
Recent kernel has strict check for security.capability value.
|
|
Fix #38289
|
|
|
|
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
|
|
---
|
|
Dockerfile | 1 +
|
|
pkg/archive/archive_unix_test.go | 20 ++++++++++++++------
|
|
2 files changed, 15 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/components/engine/Dockerfile b/components/engine/Dockerfile
|
|
index b0895cf5e0..8337653e19 100644
|
|
--- a/components/engine/Dockerfile
|
|
+++ b/components/engine/Dockerfile
|
|
@@ -182,6 +182,7 @@ RUN apt-get update && apt-get install -y \
|
|
btrfs-tools \
|
|
iptables \
|
|
jq \
|
|
+ libcap2-bin \
|
|
libdevmapper-dev \
|
|
libudev-dev \
|
|
libsystemd-dev \
|
|
diff --git a/components/engine/pkg/archive/archive_unix_test.go b/components/engine/pkg/archive/archive_unix_test.go
|
|
index 83deab0840..dc4e1fdae6 100644
|
|
--- a/components/engine/pkg/archive/archive_unix_test.go
|
|
+++ b/components/engine/pkg/archive/archive_unix_test.go
|
|
@@ -7,6 +7,7 @@ import (
|
|
"fmt"
|
|
"io/ioutil"
|
|
"os"
|
|
+ "os/exec"
|
|
"path/filepath"
|
|
"strings"
|
|
"syscall"
|
|
@@ -222,6 +223,13 @@ func TestTarWithBlockCharFifo(t *testing.T) {
|
|
// TestTarUntarWithXattr is Unix as Lsetxattr is not supported on Windows
|
|
func TestTarUntarWithXattr(t *testing.T) {
|
|
skip.If(t, os.Getuid() != 0, "skipping test that requires root")
|
|
+ if _, err := exec.LookPath("setcap"); err != nil {
|
|
+ t.Skip("setcap not installed")
|
|
+ }
|
|
+ if _, err := exec.LookPath("getcap"); err != nil {
|
|
+ t.Skip("getcap not installed")
|
|
+ }
|
|
+
|
|
origin, err := ioutil.TempDir("", "docker-test-untar-origin")
|
|
assert.NilError(t, err)
|
|
defer os.RemoveAll(origin)
|
|
@@ -232,8 +240,9 @@ func TestTarUntarWithXattr(t *testing.T) {
|
|
assert.NilError(t, err)
|
|
err = ioutil.WriteFile(filepath.Join(origin, "3"), []byte("will be ignored"), 0700)
|
|
assert.NilError(t, err)
|
|
- err = system.Lsetxattr(filepath.Join(origin, "2"), "security.capability", []byte{0x00}, 0)
|
|
- assert.NilError(t, err)
|
|
+ // there is no known Go implementation of setcap/getcap with support for v3 file capability
|
|
+ out, err := exec.Command("setcap", "cap_block_suspend+ep", filepath.Join(origin, "2")).CombinedOutput()
|
|
+ assert.NilError(t, err, string(out))
|
|
|
|
for _, c := range []Compression{
|
|
Uncompressed,
|
|
@@ -251,10 +260,9 @@ func TestTarUntarWithXattr(t *testing.T) {
|
|
if len(changes) != 1 || changes[0].Path != "/3" {
|
|
t.Fatalf("Unexpected differences after tarUntar: %v", changes)
|
|
}
|
|
- capability, _ := system.Lgetxattr(filepath.Join(origin, "2"), "security.capability")
|
|
- if capability == nil && capability[0] != 0x00 {
|
|
- t.Fatalf("Untar should have kept the 'security.capability' xattr.")
|
|
- }
|
|
+ out, err := exec.Command("getcap", filepath.Join(origin, "2")).CombinedOutput()
|
|
+ assert.NilError(t, err, string(out))
|
|
+ assert.Check(t, is.Contains(string(out), "= cap_block_suspend+ep"), "untar should have kept the 'security.capability' xattr")
|
|
}
|
|
}
|
|
|
|
--
|
|
2.27.0
|
|
|