Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

oci: tar extract: full opaque whiteout support #229

Merged
merged 5 commits into from
Mar 9, 2018
Merged

oci: tar extract: full opaque whiteout support #229

merged 5 commits into from
Mar 9, 2018

Conversation

cyphar
Copy link
Member

@cyphar cyphar commented Mar 9, 2018
edited
Loading

Add full opaque whiteout support, including the handling of new files
present in the upper layer (and thus should not be removed). The code
implementing this is fairly fragile and has to deal with a lot of really
annoying edge cases, so many new tests were added for this portion.

There are a few semantics differences found between unpriv.Walk and
filepath.Walk by this patch (especially when it comes to handling ENOENT
during the walk). These semantics have been fixed in the WalkFunc used,
but probably deserve a refactor in future.

Closes #224
Signed-off-by: Aleksa Sarai [email protected]

@cyphar cyphar added this to the 0.4.0 milestone Mar 9, 2018
@cyphar
Copy link
Member Author

cyphar commented Mar 9, 2018

We can handle generating opaque whiteouts in the future (because we technically shouldn't be generating them).

@cyphar cyphar force-pushed the oci-whiteout-support branch 2 times, most recently from 24d9b2f to a65367b Compare March 9, 2018 12:42
cyphar added 4 commits March 10, 2018 00:58
@cyphar
oci: tar generate: disallow .wh. prefix files
f333d49 
The OCI specification makes it clear that we MUST NOT allow users to
have a rootfs that contains '.wh.'-prefixed files. While we cannot
prevent them from creating such a rootfs, we can abort when we see it.
Also add a test to ensure that this doesn't regress.

In addition we error out if we see opaque whiteouts. This is a temporary
patch in this series, and will be replaced with full opaque whiteout
support in a future commit.

Signed-off-by: Aleksa Sarai <[email protected]>
@cyphar
oci: tar extract: simplify clobbering code
56be14a 
The previous clobbering code was overly complicated and duplicated.
While this is technically a no-op change, it makes it clearer what the
clobbering semantics actually are (everything gets clobbered except
previously-directories that will remain a directory after the
extraction).

Signed-off-by: Aleksa Sarai <[email protected]>
@cyphar
pkg: unpriv: simplify RemoveAll
a150698 
Rather than looping over Readdirnames, just get them all in the first
place. The Go stdlib appears to use both the "get all" and "get some"
interfaces of Readdirnames for similar operations (RemoveAll and Walk
respectively).

It doesn't make sense to use different operations, as they also make the
implementation seem more complicated than necessary. Also refactor out
the Readdirnames code so that it can be used by Walk in a future patch.

Signed-off-by: Aleksa Sarai <[email protected]>
@cyphar
pkg: unpriv: add Walk implementation
6b737f6 
This adds a filepath.Walk implementation to unpriv, that works
unprivileged. At the moment the WalkFunc is Wrap'd internally, though
this results in the function being called more than once if there's a
permission error. This might not be ideal for all users, but it is more
transparent I guess?

Also add Walk to the fseval interfaces so we can use Walk in oci/layer
for the purposes of handling opaque whiteouts.

Signed-off-by: Aleksa Sarai <[email protected]>
@cyphar cyphar force-pushed the oci-whiteout-support branch from a65367b to b3e56ca Compare March 9, 2018 13:58
@cyphar
oci: tar extract: full opaque whiteout support
08da5c6 
Add full opaque whiteout support, including the handling of new files
present in the upper layer (and thus should not be removed). The code
implementing this is fairly fragile and has to deal with a lot of really
annoying edge cases, so many new tests were added for this portion.

There are a few semantics differences found between unpriv.Walk and
filepath.Walk by this patch (especially when it comes to handling ENOENT
during the walk). These semantics have been fixed in the WalkFunc used,
but probably deserve a refactor in future.

Signed-off-by: Aleksa Sarai <[email protected]>
@cyphar cyphar force-pushed the oci-whiteout-support branch from b3e56ca to 08da5c6 Compare March 9, 2018 14:36
@cyphar
Copy link
Member Author

cyphar commented Mar 9, 2018

LGTM.

@cyphar cyphar merged commit 08da5c6 into opencontainers:master Mar 9, 2018
cyphar added a commit that referenced this pull request Mar 9, 2018
@cyphar
merge branch 'pr-229'
fe1f566 
  oci: tar extract: full opaque whiteout support
  pkg: unpriv: add Walk implementation
  pkg: unpriv: simplify RemoveAll
  oci: tar extract: simplify clobbering code
  oci: tar generate: disallow .wh. prefix files

LGTMs: @cyphar
Closes #229
@cyphar cyphar mentioned this pull request Mar 12, 2018
Closed
@cyphar cyphar added the oci-spec Issue directly related to OCI image-spec. label Mar 22, 2018
@cyphar cyphar deleted the oci-whiteout-support branch September 10, 2018 17:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
oci/layer oci-spec Issue directly related to OCI image-spec.
Projects
None yet
Milestone
0.4.0
Development

Successfully merging this pull request may close these issues.

make whiteout handling spec-compliant
1 participant
@cyphar