hasher: hash security.capability attributes #1994
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #1851
Description
In Dockerfile, if there is something like:
kaniko won't detect that there is a change on file
/path/to/binary
andthus discards this layer. This patch allows the hasher function to
actually look at
security.capability
extended attributes.The function
Lgetxattr
uses https://github.com/moby/moby/blob/c72c1ca62cd20e74582a01b8a54a58ae7f646d4c/pkg/system/xattrs_linux.go#L8Submitter Checklist
These are the criteria that every PR should meet, please check them off as you
review them:
See the contribution guide for more details.
Reviewer Notes
Release Notes