pkg/archive: fix TestTarUntarWithXattr failure on recent kernel #38292

Merged
merged 1 commit into from
Dec 10, 2018


AkihiroSuda
Member

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>

- What I did

Fix TestTarUntarWithXattr failure on recent kernels, which have a strict check for the security.capability value.
Fix #38289

- How I did it

Use the setcap/getcap binaries with a real capability value, rather than using an invalid capability.

- How to verify it

$ TESTDIRS='github.com/docker/docker/pkg/archive' TESTFLAGS="-run TestTarUntarWithXattr -v" make test-unit
...
=== RUN   TestTarUntarWithXattr
--- PASS: TestTarUntarWithXattr (0.01s)
PASS
coverage: 30.7% of statements
ok      github.com/docker/docker/pkg/archive    0.018s  coverage: 30.7% of statements

Tested on Ubuntu 18.04.1, kernel 4.15.0-39-generic #42-Ubuntu

- Description for the changelog

- A picture of a cute animal (not mandatory but encouraged)
🐧

Recent kernel has strict check for security.capability value.
Fix moby#38289

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>

codecov bot commented Nov 29, 2018

Codecov Report

❗ No coverage uploaded for pull request base (master@852542b). Click here to learn what that means.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master   #38292   +/-   ##
=========================================
  Coverage          ?    36.1%           
=========================================
  Files             ?      610           
  Lines             ?    45271           
  Branches          ?        0           
=========================================
  Hits              ?    16346           
  Misses            ?    26687           
  Partials          ?     2238

@thaJeztah
Member

ping @kolyshkin @tonistiigi PTAL

@AkihiroSuda
Member Author

cc @cpuguy83

Member

@cpuguy83 cpuguy83 left a comment


LGTM

Member

@thaJeztah thaJeztah left a comment


LGTM

@@ -232,8 +240,9 @@ func TestTarUntarWithXattr(t *testing.T) {
assert.NilError(t, err)
err = ioutil.WriteFile(filepath.Join(origin, "3"), []byte("will be ignored"), 0700)
assert.NilError(t, err)
err = system.Lsetxattr(filepath.Join(origin, "2"), "security.capability", []byte{0x00}, 0)
assert.NilError(t, err)
// there is no known Go implementation of setcap/getcap with support for v3 file capability
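Review bot: the comment that ends this hunk explains why no Go library is used, but the test then depends on the external setcap/getcap binaries named in the PR description, so it should skip with a clear message when they are not on PATH, unless lines outside this hunk already do that. It would also help to say in that comment that the one-byte `[]byte{0x00}` value passed to `system.Lsetxattr` is what the recent kernel rejects, so the reason for the change stays next to the code.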
Member


@AkihiroSuda should we raise an issue for this with the Go maintainers? (perhaps @tklauser knows if this is something that's being worked on, or a tracking issue exists?)

Member Author


Yes, but it can perhaps be implemented as a 3rd-party library. (The Go standard lib doesn't seem to have library functions even for v2 caps.)

Actually https://github.com/tianon/debian-golang-gocapability/blob/master/capability/capability_linux.go seems to support v3; I can't remember why I didn't choose this library.

Contributor


@thaJeztah @AkihiroSuda AFAIK this is not being worked on currently, nor does there exist an issue for adding this to golang.org/x/sys/unix (the syscall package in the standard lib is frozen, so it is unlikely to be added there). But please feel free to file such an issue on https://github.com/golang/go/issues/new against the x/sys/unix package if you need these wrappers.
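
What a well-formed `security.capability` value looks like, as an added example that is not code from this PR or from moby: a Go decoder that assumes the `vfs_cap_data` / `vfs_ns_cap_data` layouts from `linux/capability.h` (revisions 1 to 3). `FileCap` and `ParseFileCap` are hypothetical names and the sample bytes are constructed; the one-byte `[]byte{0x00}` value from the old test cannot pass a size-versus-revision check.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// FileCap is a decoded security.capability value (names are this example's own).
type FileCap struct {
	Revision               int
	Effective              bool
	Permitted, Inheritable uint64
	RootID                 uint32 // revision 3 only
}

// ParseFileCap rejects values whose length does not match the revision
// encoded in the top byte of the little-endian magic_etc word.
func ParseFileCap(b []byte) (FileCap, error) {
	var fc FileCap
	if len(b) < 4 {
		return fc, fmt.Errorf("%d bytes: too short for magic_etc", len(b))
	}
	magic := binary.LittleEndian.Uint32(b)
	fc.Revision = int(magic >> 24)
	// Exact size per revision: magic_etc + N x {permitted, inheritable} (+ rootid for v3).
	want, ok := map[int]int{1: 12, 2: 20, 3: 24}[fc.Revision]
	if !ok || len(b) != want {
		return fc, fmt.Errorf("revision %d with %d bytes is not a valid value", fc.Revision, len(b))
	}
	fc.Effective = magic&0x1 != 0 // VFS_CAP_FLAGS_EFFECTIVE
	for i := 0; i < (want-4)/8; i++ {
		off := 4 + 8*i
		fc.Permitted |= uint64(binary.LittleEndian.Uint32(b[off:])) << uint(32*i)
		fc.Inheritable |= uint64(binary.LittleEndian.Uint32(b[off+4:])) << uint(32*i)
	}
	if fc.Revision == 3 {
		fc.RootID = binary.LittleEndian.Uint32(b[20:])
	}
	return fc, nil
}

func main() {
	// Constructed sample: revision 2, effective bit set, CAP_NET_BIND_SERVICE (bit 10) permitted.
	v2 := []byte{1, 0, 0, 2, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
	fmt.Println(ParseFileCap(v2))
	fmt.Println(ParseFileCap([]byte{0x00})) // the one-byte value the old test wrote
}
```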


Successfully merging this pull request may close these issues.

pkg/archive.TestTarUntarWithXattr fails on recent kernel