Comments (6)
ah, thanks for reminding me about this, I was intending to file an issue. I
think we should be able to just split this out and use ExtractTarChroot iff
euid == 0, and ExtractTar otherwise?
On Wed, Oct 14, 2015 at 11:12 AM, Derek Gonyeo [email protected]
wrote:
The ExpandTar function untars the ACI in a chroot, which requires root
permissions to set up.—
Reply to this email directly or view it on GitHub
#35.
from build.
If a regular non-root user bob
wants to build an ACI that contains files belonging to someone else than bob
, the tar create/extract functions must be able to ignore the file ownership in the .acbuild
directory, and instead acbuild
must have a separate database of files' ownerships.
Basically this is what FakeRoot does but since we control the tar library from go, we don't need this kind of LD_PRELOAD
trick.
The tar writer BuildWalker used by End already has a callback that can be used to change the files ownership in the tarball (added by appc/spec#498). But for the tar reader part (extract), I don't know if rkt/pkg/tar (rkt/rkt#1616) should grow this kind of feature or if it should be implemented directly in acbuild?
from build.
Also, ExpandTar can only extract to /
: see how it is hardcoded: filepath.Join("/", hdr.Name)
. This is ok for rkt
but does not really fit acbuild
's requirements.
from build.
from build.
@dgonyeo is this done now?
from build.
Nope, I still need to make a PR to make use of the new ExtractTarInsecure
function. I'll get around to it in the near future.
from build.
Related Issues (20)
- `acbuild end` accepts running as non-superuser, then fails because of that HOT 2
- script: ending the build results in "no build in progress" HOT 3
- "acbuild run" with dependency fails form inside a container HOT 5
- OCI: update for new -rc5 image-layout format
- acbuild's dependent image discovery fails when server responses with redirection HOT 1
- Negative numbers in environment variables gets translated to opt flags HOT 1
- feature request: bind mounts from the host during build HOT 1
- overlayfs does not support rename operations HOT 7
- Can I build and push to registry an OCI image which will run in docker? HOT 12
- Provide Image ID on "write" HOT 3
- echo with acbuild run writes a file on the host HOT 2
- .aci increases in size with each build HOT 5
- 'file name too long' error on aci's built with v0.4.0 HOT 4
- Incremental build? HOT 5
- 'Error: overlayfs not supported on your system' with LXD Container HOT 4
- /dev, /proc and /sys are not mounted in my running rkt container HOT 6
- systemd-nspawn: unrecognized option '--setenv' HOT 1
- Created date annotation restrictions need to be documented or removed. HOT 3
- New import path for xz package HOT 1
- archive? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from build.