Fixes #1837 : keep file capabilities on archival #1838

Merged

@hypnoce hypnoce commented Dec 16, 2021

Fixes #1837

Description

Read security.capability from file and store it in XAttrs tar header.

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

  • No unit test: hard to test as xattrs are not kept by git and setting them requires privileges
  • Adds integration tests if needed.

See the contribution guide for more details.

Reviewer Notes

  • The code flow looks good.
  • Unit tests and or integration tests added.

Release Notes

Preserve file capabilities on archival

@hypnoce hypnoce force-pushed the add_security_capability branch 4 times, most recently from caa54c4 to 6534a68 December 20, 2021 22:15

hypnoce commented Dec 20, 2021

All checks failed with

docker: Error response from daemon: Head "https://registry-1.docker.io/v2/library/registry/manifests/2": received unexpected HTTP status: 502 Bad Gateway.

Rebased

hypnoce commented Dec 21, 2021

@imjasonh I rebased, hope it fixes the builds.

hypnoce commented Dec 21, 2021

Kaniko should also keep security xattr when unpacking. Added the writeXattr when unpacking.
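
As an added illustration (not code from this pull request or from kaniko): a Go check that walks a layer tarball and reports which entries carry the `security.capability` xattr that this PR preserves on archival and unpacking, decoding the permitted set from the kernel's little-endian `vfs_cap_data` layout. It assumes Go's `archive/tar`, which exposes xattrs as PAX records under the `SCHILY.xattr.` prefix; `ScanLayer`, `decodeCaps` and `SampleLayer` are hypothetical names, and the sample layer is constructed.

```go
package main

import (
	"archive/tar"
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
)

const capKey = "SCHILY.xattr.security.capability" // PAX record holding the xattr

// decodeCaps returns the permitted set (bit n = capability n) of a revision 2 or 3 value.
func decodeCaps(b []byte) (uint64, error) {
	if len(b) < 20 || (b[3] != 2 && b[3] != 3) { // b[3] is the revision byte of magic_etc
		return 0, fmt.Errorf("unsupported capability value % x", b)
	}
	lo, hi := binary.LittleEndian.Uint32(b[4:]), binary.LittleEndian.Uint32(b[12:])
	return uint64(hi)<<32 | uint64(lo), nil
}

// ScanLayer maps every tar entry carrying file capabilities to its permitted set.
func ScanLayer(r io.Reader) (map[string]uint64, error) {
	found := map[string]uint64{}
	tr := tar.NewReader(r)
	for hdr, err := tr.Next(); err != io.EOF; hdr, err = tr.Next() {
		if err != nil {
			return nil, err
		}
		if raw, ok := hdr.PAXRecords[capKey]; ok {
			if found[hdr.Name], err = decodeCaps([]byte(raw)); err != nil {
				return nil, fmt.Errorf("%s: %w", hdr.Name, err)
			}
		}
	}
	return found, nil
}

// SampleLayer is constructed input: only bin/srv has caps (rev 2, effective, permitted bit 10).
func SampleLayer() *bytes.Buffer {
	buf := &bytes.Buffer{}
	tw := tar.NewWriter(buf)
	caps := "\x01\x00\x00\x02\x00\x04\x00\x00" + string(make([]byte, 12))
	tw.WriteHeader(&tar.Header{Name: "bin/srv", Mode: 0755, PAXRecords: map[string]string{capKey: caps}})
	tw.WriteHeader(&tar.Header{Name: "etc/conf", Mode: 0644})
	tw.Close()
	return buf
}

func main() { fmt.Println(ScanLayer(SampleLayer())) }
```

Bit 10 is CAP_NET_BIND_SERVICE; running the same scan over a source layer and the rebuilt layer shows whether the capability survived archival.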

@imjasonh imjasonh left a comment

Thank you!🙏

Successfully merging this pull request may close these issues.

File capabilities are lost during archival