chrootarchive

package

v1.40.1 Latest Latest Go to latest Published: May 3, 2022 License: Apache-2.0 Imports: 23 Imported by: 72

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/containers/storage

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

func ApplyLayer(dest string, layer io.Reader) (size int64, err error)
func ApplyUncompressedLayer(dest string, layer io.Reader, options *archive.TarOptions) (int64, error)
func CopyFileWithTarAndChown(chownOpts *idtools.IDPair, hasher io.Writer, uidmap []idtools.IDMap, ...) func(src, dest string) error
func CopyWithTarAndChown(chownOpts *idtools.IDPair, hasher io.Writer, uidmap []idtools.IDMap, ...) func(src, dest string) error
func NewArchiver(idMappings *idtools.IDMappings) *archive.Archiver
func NewArchiverWithChown(tarIDMappings *idtools.IDMappings, chownOpts *idtools.IDPair, ...) *archive.Archiver
func Tar(srcPath string, options *archive.TarOptions, root string) (io.ReadCloser, error)
func Untar(tarArchive io.Reader, dest string, options *archive.TarOptions) error
func UntarPathAndChown(chownOpts *idtools.IDPair, hasher io.Writer, uidmap []idtools.IDMap, ...) func(src, dest string) error
func UntarUncompressed(tarArchive io.Reader, dest string, options *archive.TarOptions) error
func UntarWithRoot(tarArchive io.Reader, dest string, options *archive.TarOptions, root string) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ApplyLayer ¶

func ApplyLayer(dest string, layer io.Reader) (size int64, err error)

ApplyLayer parses a diff in the standard layer format from `layer`, and applies it to the directory `dest`. The stream `layer` can only be uncompressed. Returns the size in bytes of the contents of the layer.

func ApplyUncompressedLayer ¶

func ApplyUncompressedLayer(dest string, layer io.Reader, options *archive.TarOptions) (int64, error)

ApplyUncompressedLayer parses a diff in the standard layer format from `layer`, and applies it to the directory `dest`. The stream `layer` can only be uncompressed. Returns the size in bytes of the contents of the layer.

func CopyFileWithTarAndChown ¶

func CopyFileWithTarAndChown(chownOpts *idtools.IDPair, hasher io.Writer, uidmap []idtools.IDMap, gidmap []idtools.IDMap) func(src, dest string) error

CopyFileWithTarAndChown returns a function which copies a single file from outside of any container into our working container, mapping permissions using the container's ID maps, possibly overridden using the passed-in chownOpts

func CopyWithTarAndChown ¶

func CopyWithTarAndChown(chownOpts *idtools.IDPair, hasher io.Writer, uidmap []idtools.IDMap, gidmap []idtools.IDMap) func(src, dest string) error

CopyWithTarAndChown returns a function which copies a directory tree from outside of any container into our working container, mapping permissions using the container's ID maps, possibly overridden using the passed-in chownOpts

func NewArchiver ¶

func NewArchiver(idMappings *idtools.IDMappings) *archive.Archiver

NewArchiver returns a new Archiver which uses chrootarchive.Untar

func NewArchiverWithChown ¶

func NewArchiverWithChown(tarIDMappings *idtools.IDMappings, chownOpts *idtools.IDPair, untarIDMappings *idtools.IDMappings) *archive.Archiver

NewArchiverWithChown returns a new Archiver which uses chrootarchive.Untar and the provided ID mapping configuration on both ends

func Tar ¶

func Tar(srcPath string, options *archive.TarOptions, root string) (io.ReadCloser, error)

Tar tars the requested path while chrooted to the specified root.

func Untar ¶

func Untar(tarArchive io.Reader, dest string, options *archive.TarOptions) error

Untar reads a stream of bytes from `archive`, parses it as a tar archive, and unpacks it into the directory at `dest`. The archive may be compressed with one of the following algorithms:

identity (uncompressed), gzip, bzip2, xz.

func UntarPathAndChown ¶

func UntarPathAndChown(chownOpts *idtools.IDPair, hasher io.Writer, uidmap []idtools.IDMap, gidmap []idtools.IDMap) func(src, dest string) error

UntarPathAndChown returns a function which extracts an archive in a specified location into our working container, mapping permissions using the container's ID maps, possibly overridden using the passed-in chownOpts

func UntarUncompressed ¶

func UntarUncompressed(tarArchive io.Reader, dest string, options *archive.TarOptions) error

UntarUncompressed reads a stream of bytes from `archive`, parses it as a tar archive, and unpacks it into the directory at `dest`. The archive must be an uncompressed stream.

func UntarWithRoot ¶

func UntarWithRoot(tarArchive io.Reader, dest string, options *archive.TarOptions, root string) error

UntarWithRoot is the same as `Untar`, but allows you to pass in a root directory The root directory is the directory that will be chrooted to. `dest` must be a path within `root`, if it is not an error will be returned.

`root` should set to a directory which is not controlled by any potentially malicious process.

This should be used to prevent a potential attacker from manipulating `dest` such that it would provide access to files outside of `dest` through things like symlinks. Normally `ResolveSymlinksInScope` would handle this, however sanitizing symlinks in this manner is inherrently racey: ref: CVE-2018-15664

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL