2022-04-21 21:47:47 +08:00
|
|
|
//go:build !windows
|
2020-07-15 04:34:07 +08:00
|
|
|
|
|
|
|
|
package copier
|
|
|
|
|
|
|
|
|
|
import (
|
2022-07-06 17:14:06 +08:00
|
|
|
"fmt"
|
2020-07-15 04:34:07 +08:00
|
|
|
"os"
|
2021-04-14 02:09:21 +08:00
|
|
|
"syscall"
|
2020-07-15 04:34:07 +08:00
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"golang.org/x/sys/unix"
|
|
|
|
|
)
|
|
|
|
|
|
2020-12-16 23:26:59 +08:00
|
|
|
var canChroot = os.Getuid() == 0
|
2020-07-15 04:34:07 +08:00
|
|
|
|
|
|
|
|
func chroot(root string) (bool, error) {
|
|
|
|
|
if canChroot {
|
|
|
|
|
if err := os.Chdir(root); err != nil {
|
2022-09-18 18:36:08 +08:00
|
|
|
return false, fmt.Errorf("changing to intended-new-root directory %q: %w", root, err)
|
2020-07-15 04:34:07 +08:00
|
|
|
}
|
|
|
|
|
if err := unix.Chroot(root); err != nil {
|
2022-09-18 18:36:08 +08:00
|
|
|
return false, fmt.Errorf("chrooting to directory %q: %w", root, err)
|
2020-07-15 04:34:07 +08:00
|
|
|
}
|
|
|
|
|
if err := os.Chdir(string(os.PathSeparator)); err != nil {
|
2022-09-18 18:36:08 +08:00
|
|
|
return false, fmt.Errorf("changing to just-became-root directory %q: %w", root, err)
|
2020-07-15 04:34:07 +08:00
|
|
|
}
|
|
|
|
|
return true, nil
|
|
|
|
|
}
|
|
|
|
|
return false, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func chrMode(mode os.FileMode) uint32 {
|
|
|
|
|
return uint32(unix.S_IFCHR | mode)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func blkMode(mode os.FileMode) uint32 {
|
|
|
|
|
return uint32(unix.S_IFBLK | mode)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func mkdev(major, minor uint32) uint64 {
|
|
|
|
|
return unix.Mkdev(major, minor)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func mkfifo(path string, mode uint32) error {
|
|
|
|
|
return unix.Mkfifo(path, mode)
|
|
|
|
|
}
|
|
|
|
|
|
copier: add Mkdir()
Add a function for doing Mkdir-possibly-in-a-chroot, for ensuring that a
directory exists without having to possibly create it directly from
outside of a chroot.
Make use of filepath.ToSlash() and filepath.FromSlash() where it's
appropriate.
Add more unit tests.
Address some review comments:
* Check for ERANGE instead of E2BIG errors from llistxattr() and
lgetxattr() as indicators that the buffer we passed to them is too
small.
* Factor an `isRelevantXattr` helper out of Lgetxattrs() and
Lsetxattrs().
* Drop our getcwd() function in favor of using os.Getwd().
* Adjust the comment describing the GetOptions.KeepDirectoryNames field.
* Clean hdr.Name before attempting to compute where an item being
extracted should go.
* When writing items to the filesystem, create with 0?00 permissions,
set ownership, then set the correct permissions.
* Merge StatResponse.Error, GetResponse.Error, and PutResponse.Error
into Response.Error.
* When reading items from the filesystem, if a glob matches multiple
items, and one of the items is excluded, continue checking the other
items.
* Make sure we always Wait() on a child process if we spawned one.
* Clean up the cleanup logic for pipes that we use to communicate with a
child process.
* Clean up the kill-the-child-process logic we call when we encounter an
error communicating with the child process.
* Drop the separate Options structure, use helper methods to simplify
pulling out the right ID maps and exclusions list for the request.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2020-07-31 02:00:25 +08:00
|
|
|
func chmod(path string, mode os.FileMode) error {
|
|
|
|
|
return os.Chmod(path, mode)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func chown(path string, uid, gid int) error {
|
|
|
|
|
return os.Chown(path, uid, gid)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func lchown(path string, uid, gid int) error {
|
|
|
|
|
return os.Lchown(path, uid, gid)
|
|
|
|
|
}
|
|
|
|
|
|
2024-08-07 03:07:02 +08:00
|
|
|
func lutimes(_ bool, path string, atime, mtime time.Time) error {
|
2020-07-15 04:34:07 +08:00
|
|
|
if atime.IsZero() || mtime.IsZero() {
|
|
|
|
|
now := time.Now()
|
|
|
|
|
if atime.IsZero() {
|
|
|
|
|
atime = now
|
|
|
|
|
}
|
|
|
|
|
if mtime.IsZero() {
|
|
|
|
|
mtime = now
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return unix.Lutimes(path, []unix.Timeval{unix.NsecToTimeval(atime.UnixNano()), unix.NsecToTimeval(mtime.UnixNano())})
|
|
|
|
|
}
|
copier: add Mkdir()
Add a function for doing Mkdir-possibly-in-a-chroot, for ensuring that a
directory exists without having to possibly create it directly from
outside of a chroot.
Make use of filepath.ToSlash() and filepath.FromSlash() where it's
appropriate.
Add more unit tests.
Address some review comments:
* Check for ERANGE instead of E2BIG errors from llistxattr() and
lgetxattr() as indicators that the buffer we passed to them is too
small.
* Factor an `isRelevantXattr` helper out of Lgetxattrs() and
Lsetxattrs().
* Drop our getcwd() function in favor of using os.Getwd().
* Adjust the comment describing the GetOptions.KeepDirectoryNames field.
* Clean hdr.Name before attempting to compute where an item being
extracted should go.
* When writing items to the filesystem, create with 0?00 permissions,
set ownership, then set the correct permissions.
* Merge StatResponse.Error, GetResponse.Error, and PutResponse.Error
into Response.Error.
* When reading items from the filesystem, if a glob matches multiple
items, and one of the items is excluded, continue checking the other
items.
* Make sure we always Wait() on a child process if we spawned one.
* Clean up the cleanup logic for pipes that we use to communicate with a
child process.
* Clean up the kill-the-child-process logic we call when we encounter an
error communicating with the child process.
* Drop the separate Options structure, use helper methods to simplify
pulling out the right ID maps and exclusions list for the request.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2020-07-31 02:00:25 +08:00
|
|
|
|
2021-04-14 02:09:21 +08:00
|
|
|
// sameDevice returns true unless we're sure that they're not on the same device
|
|
|
|
|
func sameDevice(a, b os.FileInfo) bool {
|
|
|
|
|
aSys := a.Sys()
|
|
|
|
|
bSys := b.Sys()
|
|
|
|
|
if aSys == nil || bSys == nil {
|
|
|
|
|
return true
|
|
|
|
|
}
|
2024-11-09 09:10:56 +08:00
|
|
|
uA, okA := aSys.(*syscall.Stat_t)
|
|
|
|
|
uB, okB := bSys.(*syscall.Stat_t)
|
|
|
|
|
if !okA || !okB {
|
2021-04-14 02:09:21 +08:00
|
|
|
return true
|
|
|
|
|
}
|
2024-11-09 09:10:56 +08:00
|
|
|
return uA.Dev == uB.Dev
|
2021-04-14 02:09:21 +08:00
|
|
|
}
|
|
|
|
|
|
copier: add Mkdir()
Add a function for doing Mkdir-possibly-in-a-chroot, for ensuring that a
directory exists without having to possibly create it directly from
outside of a chroot.
Make use of filepath.ToSlash() and filepath.FromSlash() where it's
appropriate.
Add more unit tests.
Address some review comments:
* Check for ERANGE instead of E2BIG errors from llistxattr() and
lgetxattr() as indicators that the buffer we passed to them is too
small.
* Factor an `isRelevantXattr` helper out of Lgetxattrs() and
Lsetxattrs().
* Drop our getcwd() function in favor of using os.Getwd().
* Adjust the comment describing the GetOptions.KeepDirectoryNames field.
* Clean hdr.Name before attempting to compute where an item being
extracted should go.
* When writing items to the filesystem, create with 0?00 permissions,
set ownership, then set the correct permissions.
* Merge StatResponse.Error, GetResponse.Error, and PutResponse.Error
into Response.Error.
* When reading items from the filesystem, if a glob matches multiple
items, and one of the items is excluded, continue checking the other
items.
* Make sure we always Wait() on a child process if we spawned one.
* Clean up the cleanup logic for pipes that we use to communicate with a
child process.
* Clean up the kill-the-child-process logic we call when we encounter an
error communicating with the child process.
* Drop the separate Options structure, use helper methods to simplify
pulling out the right ID maps and exclusions list for the request.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2020-07-31 02:00:25 +08:00
|
|
|
const (
|
|
|
|
|
testModeMask = int64(os.ModePerm)
|
|
|
|
|
testIgnoreSymlinkDates = false
|
|
|
|
|
)
|
