763d839261
This implements chown support on Windows. Built-in accounts as well as accounts included in the SAM database of the container are supported. NOTE: IDPair is now named Identity and IDMappings is now named IdentityMapping. The following are valid examples: ADD --chown=Guest . <some directory> COPY --chown=Administrator . <some directory> COPY --chown=Guests . <some directory> COPY --chown=ContainerUser . <some directory> On Windows an owner is only granted the permission to read the security descriptor and read/write the discretionary access control list. This fix also grants read/write and execute permissions to the owner. Signed-off-by: Salahuddin Khan <salah@docker.com>
114 lines
3.2 KiB
Go
114 lines
3.2 KiB
Go
// +build !windows
|
|
|
|
package archive // import "github.com/docker/docker/pkg/archive"
|
|
|
|
import (
|
|
"archive/tar"
|
|
"errors"
|
|
"os"
|
|
"path/filepath"
|
|
"syscall"
|
|
|
|
"github.com/docker/docker/pkg/idtools"
|
|
"github.com/docker/docker/pkg/system"
|
|
rsystem "github.com/opencontainers/runc/libcontainer/system"
|
|
"golang.org/x/sys/unix"
|
|
)
|
|
|
|
// fixVolumePathPrefix does platform specific processing to ensure that if
|
|
// the path being passed in is not in a volume path format, convert it to one.
|
|
func fixVolumePathPrefix(srcPath string) string {
|
|
return srcPath
|
|
}
|
|
|
|
// getWalkRoot calculates the root path when performing a TarWithOptions.
|
|
// We use a separate function as this is platform specific. On Linux, we
|
|
// can't use filepath.Join(srcPath,include) because this will clean away
|
|
// a trailing "." or "/" which may be important.
|
|
func getWalkRoot(srcPath string, include string) string {
|
|
return srcPath + string(filepath.Separator) + include
|
|
}
|
|
|
|
// CanonicalTarNameForPath returns platform-specific filepath
|
|
// to canonical posix-style path for tar archival. p is relative
|
|
// path.
|
|
func CanonicalTarNameForPath(p string) string {
|
|
return p // already unix-style
|
|
}
|
|
|
|
// chmodTarEntry is used to adjust the file permissions used in tar header based
|
|
// on the platform the archival is done.
|
|
|
|
func chmodTarEntry(perm os.FileMode) os.FileMode {
|
|
return perm // noop for unix as golang APIs provide perm bits correctly
|
|
}
|
|
|
|
func setHeaderForSpecialDevice(hdr *tar.Header, name string, stat interface{}) (err error) {
|
|
s, ok := stat.(*syscall.Stat_t)
|
|
|
|
if ok {
|
|
// Currently go does not fill in the major/minors
|
|
if s.Mode&unix.S_IFBLK != 0 ||
|
|
s.Mode&unix.S_IFCHR != 0 {
|
|
hdr.Devmajor = int64(unix.Major(uint64(s.Rdev))) // nolint: unconvert
|
|
hdr.Devminor = int64(unix.Minor(uint64(s.Rdev))) // nolint: unconvert
|
|
}
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
func getInodeFromStat(stat interface{}) (inode uint64, err error) {
|
|
s, ok := stat.(*syscall.Stat_t)
|
|
|
|
if ok {
|
|
inode = s.Ino
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
func getFileUIDGID(stat interface{}) (idtools.Identity, error) {
|
|
s, ok := stat.(*syscall.Stat_t)
|
|
|
|
if !ok {
|
|
return idtools.Identity{}, errors.New("cannot convert stat value to syscall.Stat_t")
|
|
}
|
|
return idtools.Identity{UID: int(s.Uid), GID: int(s.Gid)}, nil
|
|
}
|
|
|
|
// handleTarTypeBlockCharFifo is an OS-specific helper function used by
|
|
// createTarFile to handle the following types of header: Block; Char; Fifo
|
|
func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
|
|
if rsystem.RunningInUserNS() {
|
|
// cannot create a device if running in user namespace
|
|
return nil
|
|
}
|
|
|
|
mode := uint32(hdr.Mode & 07777)
|
|
switch hdr.Typeflag {
|
|
case tar.TypeBlock:
|
|
mode |= unix.S_IFBLK
|
|
case tar.TypeChar:
|
|
mode |= unix.S_IFCHR
|
|
case tar.TypeFifo:
|
|
mode |= unix.S_IFIFO
|
|
}
|
|
|
|
return system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor)))
|
|
}
|
|
|
|
func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error {
|
|
if hdr.Typeflag == tar.TypeLink {
|
|
if fi, err := os.Lstat(hdr.Linkname); err == nil && (fi.Mode()&os.ModeSymlink == 0) {
|
|
if err := os.Chmod(path, hdrInfo.Mode()); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
} else if hdr.Typeflag != tar.TypeSymlink {
|
|
if err := os.Chmod(path, hdrInfo.Mode()); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
return nil
|
|
}
|