Skip to content

pkg/archive: fix TestTarUntarWithXattr failure on recent kernel#38292

Merged
thaJeztah merged 1 commit intomoby:masterfrom
AkihiroSuda:fix-pkg-archive-xattr-test
Dec 10, 2018
Merged

pkg/archive: fix TestTarUntarWithXattr failure on recent kernel#38292
thaJeztah merged 1 commit intomoby:masterfrom
AkihiroSuda:fix-pkg-archive-xattr-test

Conversation

@AkihiroSuda
Copy link
Member

@AkihiroSuda AkihiroSuda commented Nov 29, 2018

Signed-off-by: Akihiro Suda [email protected]

- What I did

Fix TestTarUntarWithXattr failure on recent kernel, which has strict check for security.capability value.
Fix #38289

- How I did it

Use setcap/getcap binary with real capability value, rather than using invalid capability.

- How to verify it

$ TESTDIRS='github.com/docker/docker/pkg/archive' TESTFLAGS="-run TestTarUntarWithXattr -v" make test-unit
...
=== RUN   TestTarUntarWithXattr
--- PASS: TestTarUntarWithXattr (0.01s)
PASS
coverage: 30.7% of statements
ok      github.com/docker/docker/pkg/archive    0.018s  coverage: 30.7% of statements

Tested on Ubuntu 18.04.1, kernel 4.15.0-39-generic #42-Ubuntu

- Description for the changelog

- A picture of a cute animal (not mandatory but encouraged)
🐧

@AkihiroSuda
pkg/archive: fix TestTarUntarWithXattr failure on recent kernel
9ddd6e4 
Recent kernel has strict check for security.capability value.
Fix moby#38289

Signed-off-by: Akihiro Suda <[email protected]>
This was referenced Nov 29, 2018
Closed
Merged
@codecov
Copy link

codecov bot commented Nov 29, 2018

Codecov Report

❗ No coverage uploaded for pull request base (master@852542b). Click here to learn what that means.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master   #38292   +/-   ##
=========================================
  Coverage          ?    36.1%           
=========================================
  Files             ?      610           
  Lines             ?    45271           
  Branches          ?        0           
=========================================
  Hits              ?    16346           
  Misses            ?    26687           
  Partials          ?     2238

@thaJeztah
Copy link
Member

thaJeztah commented Nov 30, 2018

ping @kolyshkin @tonistiigi PTAL

@AkihiroSuda
Copy link
Member Author

AkihiroSuda commented Dec 4, 2018

cc @cpuguy83

cpuguy83
cpuguy83 approved these changes Dec 4, 2018
View reviewed changes
Copy link
Member

@cpuguy83 cpuguy83 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

thaJeztah
thaJeztah approved these changes Dec 10, 2018
View reviewed changes
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@thaJeztah thaJeztah merged commit ce58fce into moby:master Dec 10, 2018
@thaJeztah thaJeztah mentioned this pull request Feb 11, 2019
Merged
thaJeztah
thaJeztah reviewed Feb 13, 2019
View reviewed changes
pkg/archive/archive_unix_test.go
assert.NilError(t, err)
err = system.Lsetxattr(filepath.Join(origin, "2"), "security.capability", []byte{0x00}, 0)
assert.NilError(t, err)
// there is no known Go implementation of setcap/getcap with support for v3 file capability
Copy link
Member

@thaJeztah thaJeztah Feb 13, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@AkihiroSuda should we raise an issue for this with the Go maintainers? (perhaps @tklauser knows if this is something that's being worked on, or a tracking issue exists?)

Copy link
Member Author

@AkihiroSuda AkihiroSuda Feb 13, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, but can be implemented as a 3rd party library perhaps. (Go standard lib doesn't seem to have library functions even for v2 cap)

Actually https://github.com/tianon/debian-golang-gocapability/blob/master/capability/capability_linux.go seems supporting v3, I can't remember why I didn't choose this library.

Copy link
Contributor

@tklauser tklauser Feb 13, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@thaJeztah @AkihiroSuda AFAIK this is not being worked on currently, nor does there exist an issue for adding this to golang.org/x/sys/unix (the syscall package in the standard lib is frozen, so it is unlikely to be added there). But please feel free to file such an issue on https://github.com/golang/go/issues/new against the x/sys/unix package if you need these wrappers.

@thaJeztah thaJeztah mentioned this pull request Feb 13, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thaJeztah thaJeztah thaJeztah approved these changes

@cpuguy83 cpuguy83 cpuguy83 approved these changes

+1 more reviewer

@tklauser tklauser tklauser left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

area/testing status/2-code-review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

pkg/archive.TestTarUntarWithXattr fails on recent kernel

5 participants

@AkihiroSuda @thaJeztah @tklauser @cpuguy83 @GordonTheTurtle