moby/daemon/export.go
Salahuddin Khan 763d839261 Add ADD/COPY --chown flag support to Windows
This implements chown support on Windows. Built-in accounts as well
as accounts included in the SAM database of the container are supported.

NOTE: IDPair is now named Identity and IDMappings is now named
IdentityMapping.

The following are valid examples:
ADD --chown=Guest . <some directory>
COPY --chown=Administrator . <some directory>
COPY --chown=Guests . <some directory>
COPY --chown=ContainerUser . <some directory>

On Windows an owner is only granted the permission to read the security
descriptor and read/write the discretionary access control list. This
fix also grants read/write and execute permissions to the owner.

Signed-off-by: Salahuddin Khan <salah@docker.com>
2018-08-13 21:59:11 -07:00

86 lines
2.4 KiB
Go

package daemon // import "github.com/docker/docker/daemon"
import (
"fmt"
"io"
"runtime"
"github.com/docker/docker/container"
"github.com/docker/docker/errdefs"
"github.com/docker/docker/pkg/archive"
"github.com/docker/docker/pkg/ioutils"
"github.com/docker/docker/pkg/system"
)
// ContainerExport writes the contents of the container to the given
// writer. An error is returned if the container cannot be found.
func (daemon *Daemon) ContainerExport(name string, out io.Writer) error {
container, err := daemon.GetContainer(name)
if err != nil {
return err
}
if runtime.GOOS == "windows" && container.OS == "windows" {
return fmt.Errorf("the daemon on this operating system does not support exporting Windows containers")
}
if container.IsDead() {
err := fmt.Errorf("You cannot export container %s which is Dead", container.ID)
return errdefs.Conflict(err)
}
if container.IsRemovalInProgress() {
err := fmt.Errorf("You cannot export container %s which is being removed", container.ID)
return errdefs.Conflict(err)
}
data, err := daemon.containerExport(container)
if err != nil {
return fmt.Errorf("Error exporting container %s: %v", name, err)
}
defer data.Close()
// Stream the entire contents of the container (basically a volatile snapshot)
if _, err := io.Copy(out, data); err != nil {
return fmt.Errorf("Error exporting container %s: %v", name, err)
}
return nil
}
func (daemon *Daemon) containerExport(container *container.Container) (arch io.ReadCloser, err error) {
if !system.IsOSSupported(container.OS) {
return nil, fmt.Errorf("cannot export %s: %s ", container.ID, system.ErrNotSupportedOperatingSystem)
}
rwlayer, err := daemon.imageService.GetLayerByID(container.ID, container.OS)
if err != nil {
return nil, err
}
defer func() {
if err != nil {
daemon.imageService.ReleaseLayer(rwlayer, container.OS)
}
}()
basefs, err := rwlayer.Mount(container.GetMountLabel())
if err != nil {
return nil, err
}
archive, err := archivePath(basefs, basefs.Path(), &archive.TarOptions{
Compression: archive.Uncompressed,
UIDMaps: daemon.idMapping.UIDs(),
GIDMaps: daemon.idMapping.GIDs(),
})
if err != nil {
rwlayer.Unmount()
return nil, err
}
arch = ioutils.NewReadCloserWrapper(archive, func() error {
err := archive.Close()
rwlayer.Unmount()
daemon.imageService.ReleaseLayer(rwlayer, container.OS)
return err
})
daemon.LogContainerEvent(container, "export")
return arch, err
}