kairos/luet
1
0
Fork 0
mirror of https://github.com/mudler/luet.git synced 2025-07-07 04:18:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

🔧 Preserve suid,sgid and sticky bits when extracting images

Browse Source
This commit is contained in:
Ettore Di Giacinto 2021-11-04 11:34:36 +01:00
parent 9857bea5ff
commit fba420865a
4 changed files with 109 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pkg/api/core/image/extract.go
View File

@ -19,6 +19,7 @@ import (
"archive/tar" "archive/tar"
"context" "context"
"io" "io"
"io/fs"
"os" "os"
"path/filepath" "path/filepath"
"strings" "strings"
@ -208,6 +209,7 @@ func ExtractReader(ctx *types.Context, reader io.ReadCloser, output string, keep
PAX, Xattrs map[string]string PAX, Xattrs map[string]string
Uid, Gid int Uid, Gid int
Name string Name string
FileMode fs.FileMode
} }
permstore, err := ctx.Config.System.TempDir("permstore") permstore, err := ctx.Config.System.TempDir("permstore")
@ -224,6 +226,7 @@ func ExtractReader(ctx *types.Context, reader io.ReadCloser, output string, keep
Uid: h.Uid, Gid: h.Gid, Uid: h.Uid, Gid: h.Gid,
Xattrs: h.Xattrs, Xattrs: h.Xattrs,
Name: h.Name, Name: h.Name,
FileMode: h.FileInfo().Mode(),
}) })
//perms = append(perms, }) //perms = append(perms, })
} }
@ -249,6 +252,10 @@ func ExtractReader(ctx *types.Context, reader io.ReadCloser, output string, keep
if err := os.Lchown(ff, p.Uid, p.Gid); err != nil { if err := os.Lchown(ff, p.Uid, p.Gid); err != nil {
ctx.Warning(err, "failed chowning file") ctx.Warning(err, "failed chowning file")
} }
ctx.Debug("Set", p.Name, p.FileMode)
if err := os.Chmod(ff, p.FileMode); err != nil {
ctx.Warning(err, "failed chmod file")
}
} }
for _, attrs := range []map[string]string{p.Xattrs, p.PAX} { for _, attrs := range []map[string]string{p.Xattrs, p.PAX} {
for k, attr := range attrs { for k, attr := range attrs {

18
tests/fixtures/extra_perms/pkgA/0.1/build.yaml vendored Normal file
View File

@ -0,0 +1,18 @@
image: "alpine"
unpack: true
includes:
- /foo
- /foo/bar
- /foo/bar/suid
- /foo/bar/sticky
- /foo/bar/sgid
steps:
- mkdir -p /foo/bar
- touch /foo/bar/suid
- touch /foo/bar/sgid
- touch /foo/bar/sticky
- chown 100:100 /foo/bar
- chown 101:101 /foo/bar/suid
- chmod u+s /foo/bar/suid
- chmod u-s,g+s /foo/bar/sgid
- chmod +t /foo/bar/sticky

3
tests/fixtures/extra_perms/pkgA/0.1/definition.yaml vendored Normal file
View File

@ -0,0 +1,3 @@
category: "test"
name: "extra-perms"
version: "0.1"

79
tests/integration/36_extra_perm_bits.sh Executable file
View File

@ -0,0 +1,79 @@
#!/bin/bash
export LUET_NOLOCK=true
oneTimeSetUp() {
export tmpdir="$(mktemp -d)"
}
oneTimeTearDown() {
rm -rf "$tmpdir"
}
testBuild() {
[ "$LUET_BACKEND" == "img" ] && startSkipping
mkdir $tmpdir/testbuild
luet build -d --tree "$ROOT_DIR/tests/fixtures/extra_perms" --same-owner=true --destination $tmpdir/testbuild --compression gzip --full
buildst=$?
assertTrue 'create package perms 0.1' "[ -e '$tmpdir/testbuild/extra-perms-test-0.1.package.tar.gz' ]"
assertEquals 'builds successfully' "$buildst" "0"
}
testRepo() {
[ "$LUET_BACKEND" == "img" ] && startSkipping
assertTrue 'no repository' "[ ! -e '$tmpdir/testbuild/repository.yaml' ]"
luet create-repo --tree "$ROOT_DIR/tests/fixtures/extra_perms" \
--output $tmpdir/testbuild \
--packages $tmpdir/testbuild \
--name "test" \
--descr "Test Repo" \
--urls $tmpdir/testrootfs \
--type http
createst=$?
assertEquals 'create repo successfully' "$createst" "0"
assertTrue 'create repository' "[ -e '$tmpdir/testbuild/repository.yaml' ]"
}
testConfig() {
[ "$LUET_BACKEND" == "img" ] && startSkipping
mkdir $tmpdir/testrootfs
cat <<EOF > $tmpdir/luet.yaml
general:
debug: true
system:
rootfs: $tmpdir/testrootfs
database_path: "/"
database_engine: "boltdb"
config_from_host: true
repositories:
- name: "main"
type: "disk"
enable: true
urls:
- "$tmpdir/testbuild"
EOF
luet config --config $tmpdir/luet.yaml
res=$?
assertEquals 'config test successfully' "$res" "0"
}
testInstall() {
[ "$LUET_BACKEND" == "img" ] && startSkipping
$ROOT_DIR/tests/integration/bin/luet install -y --config $tmpdir/luet.yaml test/extra-perms
installst=$?
assertEquals 'install test successfully' "$installst" "0"
tree $tmpdir/testrootfs/foo/bar
assertTrue 'package installed bar' "[ -d '$tmpdir/testrootfs/foo/bar' ]"
assertContains 'perms2' "$(stat -c %u:%g $tmpdir/testrootfs/foo/bar)" "100:100"
assertContains 'suid' "$(stat -c %a $tmpdir/testrootfs/foo/bar/suid)" "4644"
assertContains 'sgid' "$(stat -c %a $tmpdir/testrootfs/foo/bar/sgid)" "2644"
assertContains 'sticky' "$(stat -c %a $tmpdir/testrootfs/foo/bar/sticky)" "1644"
}
# Load shUnit2.
. "$ROOT_DIR/tests/integration/shunit2"/shunit2