Open bozaro opened 1 year ago
Can you start a bug about this so we can get the requirements right first? It looks like you are setting xattr on each file. If that is the need, then we should raise this to the level of other attributes, like owner and perms, so we can apply it to each file distinctly.
I want to make something like Dockerfile:

    FROM ubuntu:22.04
    ...
    COPY app /usr/local/bin/app
    RUN setcap cap_sys_resource+ep /usr/local/bin/app

In BUILD.bazel I got rules like:

    load("@rules_pkg//:pkg.bzl", "pkg_tar")
    load("@io_bazel_rules_docker//container:container.bzl", "container_image")
    ...
    pkg_tar(
        name = "app-tar",
        extension = "tar",
        files = {
            ":app": "/usr/local/bin/app",
        },
        xattr = [
            "security.capability=0x0100000200000001000000000000000000000000",
        ],
    )
    container_image(
        name = "app-image",
        ...
        tars = [
            ":app-tar",
        ],
    )

In this example I set xattr to all one file, but this PR also supports an xattrs attribute like:

    xattrs = {
        "usr/local/bin/app": [
            "security.capability=0x0100000200000001000000000000000000000000",
        ]
    },

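For anyone reviewing such a BUILD file, the hex value above is an opaque blob that grants privileges, so it helps to decode it before accepting it. The following is an added example, not code from this PR or from rules_pkg: it decodes a `security.capability` value using the layout and constants from the kernel's `linux/capability.h` and checks an `xattrs` mapping against an allowlist. The function names, the allowlist shape and the partial `CAP_NAMES` table are assumptions made for illustration.

```python
import struct

# Constants from linux/capability.h (struct vfs_cap_data / vfs_ns_cap_data).
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# revision -> (number of 32-bit permitted/inheritable pairs, total xattr size in bytes)
LAYOUTS = {0x01000000: (1, 12), 0x02000000: (2, 20), 0x03000000: (2, 24)}
# Partial name table (assumption: enough for this audit); others show as cap_<n>.
CAP_NAMES = {0: "cap_chown", 1: "cap_dac_override", 12: "cap_net_admin",
             13: "cap_net_raw", 21: "cap_sys_admin", 24: "cap_sys_resource"}

def _names(mask):
    return [CAP_NAMES.get(b, f"cap_{b}") for b in range(64) if (mask >> b) & 1]

def decode_security_capability(value):
    """Decode a security.capability xattr given as hex (optionally 0x-prefixed)."""
    raw = bytes.fromhex(value[2:] if value.lower().startswith("0x") else value)
    if len(raw) < 4:
        raise ValueError("value too short for a capability header")
    (magic,) = struct.unpack_from("<I", raw)
    revision = magic & VFS_CAP_REVISION_MASK
    if revision not in LAYOUTS:
        raise ValueError(f"unknown capability revision {revision:#x}")
    pairs, size = LAYOUTS[revision]
    if len(raw) != size:
        raise ValueError(f"expected {size} bytes, got {len(raw)}")
    # Each pair is (permitted, inheritable), little-endian; pair i covers bits 32*i..32*i+31.
    words = struct.unpack_from(f"<{2 * pairs}I", raw, 4)
    permitted = sum(words[2 * i] << (32 * i) for i in range(pairs))
    inheritable = sum(words[2 * i + 1] << (32 * i) for i in range(pairs))
    return {"revision": revision >> 24,
            "effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
            "permitted": _names(permitted),
            "inheritable": _names(inheritable)}

def audit_xattrs(xattrs, allowed):
    """Return (path, capability) pairs granted by xattrs but absent from the allowlist."""
    findings = []
    for path, entries in xattrs.items():
        for entry in entries:
            name, _, value = entry.partition("=")
            if name != "security.capability":
                continue
            caps = decode_security_capability(value)
            for cap in caps["permitted"] + caps["inheritable"]:
                if cap not in allowed.get(path, ()):
                    findings.append((path, cap))
    return findings

# The value from this thread decodes to revision 2, effective bit set, cap_sys_resource permitted.
PAGE_VALUE = "0x0100000200000001000000000000000000000000"
```

The decoded result matches `cap_sys_resource+ep`: the `e` is the effective flag in the header word and the `p` is bit 24 of the permitted set.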
Can you think about how this should be in pkg_files? Adding it only to pkg_tar is sort of a dead end. We want tools that describe what you want independently of the final package type.
Motivation
I need a tool to set the "max locked memory" ulimit for mongos inside a Kubernetes environment. This tool needs setcap cap_sys_resource+ep xattr on file.
This PR allows setting xattr on files inside .tar archives.
Example
Allow setting xattr inside tar archives, for example: