search

opencontainers / umoci

umoci modifies Open Container images
https://umo.ci
Apache License 2.0
731 stars 97 forks source link

bug: tar extract with overlayfs whiteout #546

Open rchincha opened 4 months ago

rchincha commented 4 months ago

If the tar contents are

/a/.wh.b /a/b/c/d

and we use a tar extractor with overlayfs whiteout option (assuming I want to overlayfs the unpacked layers), then at: https://github.com/opencontainers/umoci/blob/main/oci/layer/tar_extract.go#L490 ^ a mknod happens when /a/.wh.b is encountered.

However, when /a/b/c/d is encountered, cannot really do a mkdir /a/b/c/ at: https://github.com/opencontainers/umoci/blob/main/oci/layer/tar_extract.go#L513 ^ since /a/b is a non-dir entry.

There are two ways to fix this:

  1. on a /a/.wh.b, just remove that entry completely (rm -rf /a/b) and proceed
  2. set trusted.overlay.opaque=y for /a/b and proceed ... basically force this https://github.com/opencontainers/umoci/blob/main/oci/layer/tar_extract.go#L369

@cyphar Thoughts?

rchincha commented 4 months ago 
+++ b/oci/layer/tar_extract.go
@@ -380,7 +380,9 @@ func (te *TarExtractor) overlayFSWhiteout(dir string, file string) error {

-       err := te.fsEval.Mknod(p, unix.S_IFCHR|0666, unix.Mkdev(0, 0))
+       err := te.fsEval.Lsetxattr(dir, "user.overlay.opaque", []byte("y"), 0)