|
6 | 6 | "path/filepath" |
7 | 7 | "strings" |
8 | 8 |
|
| 9 | + "github.com/containerd/containerd/pkg/userns" |
9 | 10 | "github.com/docker/docker/pkg/system" |
10 | 11 | "github.com/pkg/errors" |
11 | 12 | "golang.org/x/sys/unix" |
@@ -35,13 +36,18 @@ func (overlayWhiteoutConverter) ConvertWrite(hdr *tar.Header, path string, fi os |
35 | 36 | } |
36 | 37 |
|
37 | 38 | if fi.Mode()&os.ModeDir != 0 { |
| 39 | + opaqueXattrName := "trusted.overlay.opaque" |
| 40 | + if userns.RunningInUserNS() { |
| 41 | + opaqueXattrName = "user.overlay.opaque" |
| 42 | + } |
| 43 | + |
38 | 44 | // convert opaque dirs to AUFS format by writing an empty file with the prefix |
39 | | - opaque, err := system.Lgetxattr(path, "trusted.overlay.opaque") |
| 45 | + opaque, err := system.Lgetxattr(path, opaqueXattrName) |
40 | 46 | if err != nil { |
41 | 47 | return nil, err |
42 | 48 | } |
43 | 49 | if len(opaque) == 1 && opaque[0] == 'y' { |
44 | | - delete(hdr.PAXRecords, paxSchilyXattr+"trusted.overlay.opaque") |
| 50 | + delete(hdr.PAXRecords, paxSchilyXattr+opaqueXattrName) |
45 | 51 |
|
46 | 52 | // create a header for the whiteout file |
47 | 53 | // it should inherit some properties from the parent, but be a regular file |
@@ -69,9 +75,14 @@ func (c overlayWhiteoutConverter) ConvertRead(hdr *tar.Header, path string) (boo |
69 | 75 |
|
70 | 76 | // if a directory is marked as opaque by the AUFS special file, we need to translate that to overlay |
71 | 77 | if base == WhiteoutOpaqueDir { |
72 | | - err := unix.Setxattr(dir, "trusted.overlay.opaque", []byte{'y'}, 0) |
| 78 | + opaqueXattrName := "trusted.overlay.opaque" |
| 79 | + if userns.RunningInUserNS() { |
| 80 | + opaqueXattrName = "user.overlay.opaque" |
| 81 | + } |
| 82 | + |
| 83 | + err := unix.Setxattr(dir, opaqueXattrName, []byte{'y'}, 0) |
73 | 84 | if err != nil { |
74 | | - return false, errors.Wrapf(err, "setxattr(%q, trusted.overlay.opaque=y)", dir) |
| 85 | + return false, errors.Wrapf(err, "setxattr(%q, %s=y)", dir, opaqueXattrName) |
75 | 86 | } |
76 | 87 | // don't write the file itself |
77 | 88 | return false, err |
|
0 commit comments