Skip to content

Fail unpacking images with xattrs to filesystems without xattr support #45464

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
neersighted merged 2 commits into from
May 19, 2023
Merged

Fail unpacking images with xattrs to filesystems without xattr support #45464

neersighted merged 2 commits into from
May 19, 2023
+167 −26

Conversation

@corhere
Copy link
Contributor

@corhere corhere commented May 4, 2023
edited
Loading

- What I did
Following up #45420 (comment), I made it a fatal error to untar a file with extended attributes to a destination which does not support extended attributes. I added an escape hatch to the vfs graph driver to allow users to opt back into the old, broken behaviour.

- How I did it
I made ignoring EPERM and ENOTSUPP errors from lsetxattr when extracting a file from a tarball conditional on a new BestEffortXattrs flag in archive.TarOptions and plumbed the flag through to the vfs driver. I added a new storage option vfs.xattrs=i_want_broken_containers to the driver to set the flag. A warning is logged at daemon startup and in docker info output if this storage option is enabled.

- How to verify it
With the new unit test

- Description for the changelog

  • Unpacking layers containing files with extended attributes onto a filesystem which does not support extended attributes will now fail. Previously, the extended attributes would be discarded if they could not be set, which could potentially result in containers malfunctioning. Most storage drivers already require the backing filesystem to support extended attributes so this change should have no impact on most users. The vfs driver is a notable exception; the previous behaviour can be restored by configuring it with --storage-opt vfs.xattrs=i_want_broken_containers. Enabling this storage option is highly discouraged and bug reports submitted against a daemon with this option set will be summarily closed without comment.

- A picture of a cute animal (not mandatory but encouraged)

thaJeztah
thaJeztah requested changes May 4, 2023
View reviewed changes
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we discussed this, and because vfs is also a bit of a "last resort", we'd like to provide an escape-hatch for this case ("I_KNOW_WHAT_IM_DOING_GET_ME_OUT_OF_HERE")

@thaJeztah
Copy link
Member

thaJeztah commented May 4, 2023
edited
Loading

Also for "future self" (and other visitors); we initially had a concern "what happens if I pull an image, and it's extracted to a filesystem without xattr support (so extended attributes get discarded), and after that I would push that image?
But that's not a concern; when the image layers (tar) are constructed to push, only the file content is read from disk, all other properties are taken from the tar split headers (so even though the extended attributes are missing on the filesystem, the layers will re-apply them before pushing).

@corhere corhere force-pushed the xattrs-matter-in-images branch 2 times, most recently from 0252fef to 972afeb Compare May 9, 2023 17:52
thaJeztah
thaJeztah reviewed May 18, 2023
View reviewed changes
tianon
tianon approved these changes May 18, 2023
View reviewed changes
Copy link
Member

@tianon tianon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👀 (looks good minus the naming comment Seb just made)

thaJeztah
thaJeztah reviewed May 18, 2023
View reviewed changes
thaJeztah
thaJeztah approved these changes May 18, 2023
View reviewed changes
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"LGTM" after changing the vfs prefix, and perhaps a logrus.Warn if the setting set.

thaJeztah
thaJeztah reviewed May 18, 2023
View reviewed changes
corhere added 2 commits May 18, 2023 16:31
@corhere
pkg/system: return rich errors from L(g|s)etxattr
0cdfd5f 
Signed-off-by: Cory Snider <csnider@mirantis.com>
@corhere
pkg/archive: bail if setting xattrs is unsupported
6690d29 
Extended attributes are set on files in container images for a reason.
Fail to unpack if extended attributes are present in a layer and setting
the attributes on the unpacked files fails for any reason.

Add an option to the vfs graph driver to opt into the old behaviour
where ENOTSUPP and EPERM errors encountered when setting extended
attributes are ignored. Make it abundantly clear to users and anyone
triaging their bug reports that they are shooting themselves in the
foot by enabling this option.

Signed-off-by: Cory Snider <csnider@mirantis.com>
@corhere corhere force-pushed the xattrs-matter-in-images branch from 972afeb to 6690d29 Compare May 18, 2023 21:21
@corhere
Copy link
Contributor Author

corhere commented May 18, 2023

Note for reviewers: all system-info warnings are logged by the daemon during startup in addition to being included in the /info response.

moby/daemon/daemon.go

Lines 1136 to 1139 in ccd834e

info := d.SystemInfo()
for _, w := range info.Warnings {
logrus.Warn(w)
}

neersighted
neersighted approved these changes May 18, 2023
View reviewed changes
Copy link
Member

@neersighted neersighted left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, and the warning language seems to strike a good balance now.

@neersighted neersighted added this to the 25.0.0 milestone May 18, 2023
@corhere corhere mentioned this pull request May 18, 2023
Merged
@thaJeztah
Copy link
Member

thaJeztah commented May 19, 2023

Test failure looks related

=== FAIL: daemon/graphdriver/vfs TestXattrUnsupportedByBackingFS/xattrs=i_want_broken_containers (0.00s)
    vfs_test.go:98: assertion failed: error is not nil: unknown option xattrs for vfs

@neersighted neersighted merged commit 1545693 into moby:master May 19, 2023
@neersighted
Copy link
Member

neersighted commented May 19, 2023

...and that was the wrong button (I was trying to click 'Show all checks' but my brain wasn't quite there yet) -- @corhere, could you figure out the test issue in a follow-up?

@corhere corhere mentioned this pull request May 19, 2023
Merged
@corhere corhere deleted the xattrs-matter-in-images branch May 19, 2023 12:27
@thaJeztah thaJeztah mentioned this pull request Oct 11, 2023
Open
@thaJeztah thaJeztah mentioned this pull request Nov 20, 2023
Closed
@thaJeztah thaJeztah mentioned this pull request Dec 19, 2023
Closed
@corhere corhere mentioned this pull request Jan 22, 2024
Merged
@thaJeztah thaJeztah mentioned this pull request Jan 23, 2024
Merged
@pontus pontus mentioned this pull request Feb 24, 2024
Closed
@ChristopherHX ChristopherHX mentioned this pull request Mar 1, 2024
Merged
@GrimzEcho GrimzEcho mentioned this pull request Jun 12, 2024
Open
@gdraheim gdraheim mentioned this pull request Aug 5, 2024
Closed
@thaJeztah thaJeztah mentioned this pull request Dec 15, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thaJeztah thaJeztah thaJeztah approved these changes

@tianon tianon tianon approved these changes

@cpuguy83 cpuguy83 cpuguy83 approved these changes

@neersighted neersighted neersighted approved these changes

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

Assignees

No one assigned

Labels

area/storage Image Storage docs/revisit impact/changelog impact/deprecation status/2-code-review

Projects

None yet

Milestone

25.0.0

Development

Successfully merging this pull request may close these issues.

6 participants

@corhere @thaJeztah @neersighted @tianon @cpuguy83 @AkihiroSuda