diff --git a/pkg/archive/archive.go b/pkg/archive/archive.go index 733b168333..1111bfcd56 100644 --- a/pkg/archive/archive.go +++ b/pkg/archive/archive.go @@ -70,6 +70,8 @@ type ( } ) +const PaxSchilyXattr = "SCHILY.xattr." + const ( tarExt = "tar" solaris = "solaris" @@ -420,8 +422,8 @@ func FileInfoHeader(name string, fi os.FileInfo, link string) (*tar.Header, erro // ReadSecurityXattrToTarHeader reads security.capability, security,image // xattrs from filesystem to a tar header func ReadSecurityXattrToTarHeader(path string, hdr *tar.Header) error { - if hdr.Xattrs == nil { - hdr.Xattrs = make(map[string]string) + if hdr.PAXRecords == nil { + hdr.PAXRecords = make(map[string]string) } for _, xattr := range []string{"security.capability", "security.ima"} { capability, err := system.Lgetxattr(path, xattr) @@ -429,7 +431,7 @@ func ReadSecurityXattrToTarHeader(path string, hdr *tar.Header) error { return fmt.Errorf("failed to read %q attribute from %q: %w", xattr, path, err) } if capability != nil { - hdr.Xattrs[xattr] = string(capability) + hdr.PAXRecords[PaxSchilyXattr+xattr] = string(capability) } } return nil @@ -451,10 +453,10 @@ func ReadUserXattrToTarHeader(path string, hdr *tar.Header) error { } return err } - if hdr.Xattrs == nil { - hdr.Xattrs = make(map[string]string) + if hdr.PAXRecords == nil { + hdr.PAXRecords = make(map[string]string) } - hdr.Xattrs[key] = string(value) + hdr.PAXRecords[PaxSchilyXattr+key] = string(value) } } return nil @@ -782,11 +784,15 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, L } var errs []string - for key, value := range hdr.Xattrs { - if _, found := xattrsToIgnore[key]; found { + for key, value := range hdr.PAXRecords { + xattr_key, ok := strings.CutPrefix(key, PaxSchilyXattr) + if !ok { + continue + } + if _, found := xattrsToIgnore[xattr_key]; found { continue } - if err := system.Lsetxattr(path, key, []byte(value), 0); err != nil { + if err := system.Lsetxattr(path, xattr_key, []byte(value), 0); err != nil { if errors.Is(err, syscall.ENOTSUP) || (inUserns && errors.Is(err, syscall.EPERM)) { // We ignore errors here because not all graphdrivers support // xattrs *cough* old versions of AUFS *cough*. However only @@ -1371,7 +1377,7 @@ func remapIDs(readIDMappings, writeIDMappings *idtools.IDMappings, chownOpts *id } } else if runtime.GOOS == darwin { uid, gid = hdr.Uid, hdr.Gid - if xstat, ok := hdr.Xattrs[idtools.ContainersOverrideXattr]; ok { + if xstat, ok := hdr.PAXRecords[PaxSchilyXattr+idtools.ContainersOverrideXattr]; ok { attrs := strings.Split(string(xstat), ":") if len(attrs) == 3 { val, err := strconv.ParseUint(attrs[0], 10, 32) diff --git a/pkg/archive/archive_linux.go b/pkg/archive/archive_linux.go index 02995d767a..eae60a3055 100644 --- a/pkg/archive/archive_linux.go +++ b/pkg/archive/archive_linux.go @@ -48,8 +48,8 @@ func (o overlayWhiteoutConverter) ConvertWrite(hdr *tar.Header, path string, fi return nil, err } if len(opaque) == 1 && opaque[0] == 'y' { - if hdr.Xattrs != nil { - delete(hdr.Xattrs, getOverlayOpaqueXattrName()) + if hdr.PAXRecords != nil { + delete(hdr.PAXRecords, PaxSchilyXattr+getOverlayOpaqueXattrName()) } // If there are no lower layers, then it can't have been deleted in this layer. if len(o.rolayers) == 0 { diff --git a/pkg/chunked/compressor/compressor.go b/pkg/chunked/compressor/compressor.go index a2fd904caf..6dc19bf8c0 100644 --- a/pkg/chunked/compressor/compressor.go +++ b/pkg/chunked/compressor/compressor.go @@ -9,7 +9,9 @@ import ( "bytes" "encoding/base64" "io" + "strings" + "github.com/containers/storage/pkg/archive" "github.com/containers/storage/pkg/chunked/internal" "github.com/containers/storage/pkg/ioutils" "github.com/klauspost/compress/zstd" @@ -374,8 +376,12 @@ func writeZstdChunkedStream(destFile io.Writer, outMetadata map[string]string, r return err } xattrs := make(map[string]string) - for k, v := range hdr.Xattrs { - xattrs[k] = base64.StdEncoding.EncodeToString([]byte(v)) + for k, v := range hdr.PAXRecords { + xattr_key, ok := strings.CutPrefix(k, archive.PaxSchilyXattr) + if !ok { + continue + } + xattrs[xattr_key] = base64.StdEncoding.EncodeToString([]byte(v)) } entries := []internal.FileMetadata{ {