cloudfoundry / cflinuxfs4-release

Cloud Foundry stack based on Ubuntu 22.04 LTS
Apache License 2.0

ping issue: preserve xattr info #5

Closed arjun024 closed 1 year ago

arjun024 commented 1 year ago

This bosh-release untars and retars the rootFS to update CA certs, but in the process did not preserve xattr information.

With this commit, xattr attributes, which are required for Linux file capabilities[1], are preserved on tar operations. The issue was found while investigating why newer versions of iputils-ping that rely on capabilities (instead of setuid in older versions) weren't working as expected.

This change along with a similar change in garden[2] fixes the ping issue on CF. The setuid workaround[3] is not required anymore.

  1. https://man7.org/linux/man-pages/man7/capabilities.7.html#:~:text=a%20capability%20set.-,File%20capabilities,-Since%20Linux%202.6.24
  2. https://github.com/cloudfoundry/guardian/pull/420 available in garden-runc-release 1.39.0
  3. https://github.com/cloudfoundry/cflinuxfs4/pull/13

Also see discussion: https://cloudfoundry.slack.com/archives/C033RE5D6/p1694194745658319

Older related PR: https://github.com/cloudfoundry/cflinuxfs4-release/pull/4
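An added example, not part of the PR or the release's code: a check that a rootFS tarball still carries file capabilities after a repack. It relies on GNU tar storing extended attributes as `SCHILY.xattr.*` pax records and on the kernel's `vfs_cap_data` layout; the archive, the `usr/bin/ping` member and its `cap_net_raw` value are constructed samples, and all function names are hypothetical.

```python
import io
import struct
import tarfile

XATTR_KEY = "SCHILY.xattr.security.capability"  # pax record GNU tar writes for this xattr
CAP_NAMES = {12: "cap_net_admin", 13: "cap_net_raw"}  # small subset of linux/capability.h


def decode_caps(blob: bytes) -> dict:
    """Decode a vfs_cap_data blob (revision 2 or 3) into its permitted capability set."""
    magic, p_lo, _i_lo, p_hi, _i_hi = struct.unpack_from("<5I", blob)
    revision = magic >> 24
    if revision not in (2, 3):
        raise ValueError(f"unsupported vfs_cap_data revision {revision}")
    permitted = p_lo | (p_hi << 32)
    names = [CAP_NAMES.get(bit, f"cap_{bit}") for bit in range(64) if permitted >> bit & 1]
    return {"permitted": names, "effective": bool(magic & 1)}


def audit_archive(fileobj) -> dict:
    """Map each regular file in the tar to its decoded file capabilities, or None if absent."""
    report = {}
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            raw = member.pax_headers.get(XATTR_KEY)
            # tarfile returns pax values as str; surrogateescape recovers the original bytes.
            report[member.name] = None if raw is None else decode_caps(raw.encode("utf-8", "surrogateescape"))
    return report


def build_sample(with_xattr: bool) -> io.BytesIO:
    """Constructed sample: a one-file archive, optionally carrying cap_net_raw=ep."""
    blob = struct.pack("<5I", 0x02000001, 1 << 13, 0, 0, 0)  # revision 2, effective bit set
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tar:
        info = tarfile.TarInfo("usr/bin/ping")
        info.size = 4
        if with_xattr:
            info.pax_headers = {XATTR_KEY: blob.decode("latin-1")}
        tar.addfile(info, io.BytesIO(b"ELF\n"))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(audit_archive(build_sample(True)))
    print(audit_archive(build_sample(False)))
```

A member that reports `None` after the repack but had a capability set before it is the regression this PR describes.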

arjun024 commented 1 year ago

@cloudfoundry/wg-app-runtime-interfaces-buildpacks-stacks-approvers