chrootarchive

package
v1.46.0 Latest
Warning

This package is not in the latest version of its module.
Published: Apr 4, 2023 License: Apache-2.0 Imports: 22 Imported by: 71

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func ApplyLayer

func ApplyLayer(dest string, layer io.Reader) (size int64, err error)

ApplyLayer parses a diff in the standard layer format from `layer`, and applies it to the directory `dest`. The stream `layer` can only be uncompressed. Returns the size in bytes of the contents of the layer.

func ApplyUncompressedLayer

func ApplyUncompressedLayer(dest string, layer io.Reader, options *archive.TarOptions) (int64, error)

ApplyUncompressedLayer parses a diff in the standard layer format from `layer`, and applies it to the directory `dest`. The stream `layer` can only be uncompressed. Returns the size in bytes of the contents of the layer.

func CopyFileWithTarAndChown

func CopyFileWithTarAndChown(chownOpts *idtools.IDPair, hasher io.Writer, uidmap []idtools.IDMap, gidmap []idtools.IDMap) func(src, dest string) error

CopyFileWithTarAndChown returns a function which copies a single file from outside of any container into our working container, mapping permissions using the container's ID maps, possibly overridden using the passed-in chownOpts.

func CopyWithTarAndChown

func CopyWithTarAndChown(chownOpts *idtools.IDPair, hasher io.Writer, uidmap []idtools.IDMap, gidmap []idtools.IDMap) func(src, dest string) error

CopyWithTarAndChown returns a function which copies a directory tree from outside of any container into our working container, mapping permissions using the container's ID maps, possibly overridden using the passed-in chownOpts.

func NewArchiver

func NewArchiver(idMappings *idtools.IDMappings) *archive.Archiver

NewArchiver returns a new Archiver which uses chrootarchive.Untar.

func NewArchiverWithChown

func NewArchiverWithChown(tarIDMappings *idtools.IDMappings, chownOpts *idtools.IDPair, untarIDMappings *idtools.IDMappings) *archive.Archiver

NewArchiverWithChown returns a new Archiver which uses chrootarchive.Untar and the provided ID mapping configuration on both ends.

func Tar

func Tar(srcPath string, options *archive.TarOptions, root string) (io.ReadCloser, error)

Tar tars the requested path while chrooted to the specified root.

func Untar

func Untar(tarArchive io.Reader, dest string, options *archive.TarOptions) error

Untar reads a stream of bytes from `tarArchive`, parses it as a tar archive, and unpacks it into the directory at `dest`. The archive may be compressed with one of the following algorithms: identity (uncompressed), gzip, bzip2, xz.

func UntarPathAndChown

func UntarPathAndChown(chownOpts *idtools.IDPair, hasher io.Writer, uidmap []idtools.IDMap, gidmap []idtools.IDMap) func(src, dest string) error

UntarPathAndChown returns a function which extracts an archive in a specified location into our working container, mapping permissions using the container's ID maps, possibly overridden using the passed-in chownOpts.

func UntarUncompressed

func UntarUncompressed(tarArchive io.Reader, dest string, options *archive.TarOptions) error

UntarUncompressed reads a stream of bytes from `tarArchive`, parses it as a tar archive, and unpacks it into the directory at `dest`. The archive must be an uncompressed stream.

func UntarWithRoot

func UntarWithRoot(tarArchive io.Reader, dest string, options *archive.TarOptions, root string) error

UntarWithRoot is the same as `Untar`, but allows you to pass in a root directory. The root directory is the directory that will be chrooted to. `dest` must be a path within `root`; if it is not, an error will be returned.

`root` should be set to a directory which is not controlled by any potentially malicious process.

This should be used to prevent a potential attacker from manipulating `dest` such that it would provide access to files outside of `dest` through things like symlinks. Normally `ResolveSymlinksInScope` would handle this; however, sanitizing symlinks in this manner is inherently racy (ref: CVE-2018-15664).
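The two points above, as an added example that is not this package's code and uses only the standard library: `destInsideRoot` shows the lexical "`dest` must be within `root`" precondition, and `staleCheck` replays, in a constructed temp directory, how a one-time symlink resolution goes stale before the write. Both function names and all paths are assumptions made for illustration, and Unix path separators are assumed.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// destInsideRoot (hypothetical helper) applies the documented precondition that
// dest lies within root and returns dest as it is named after chroot(root).
func destInsideRoot(root, dest string) (string, error) {
	rel, err := filepath.Rel(root, dest) // cleans both paths lexically
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, "../") {
		return "", fmt.Errorf("dest %q is not within root %q", dest, root)
	}
	return filepath.Join("/", rel), nil
}

// staleCheck resolves dest in a constructed temp tree, then swaps dest for a
// symlink (standing in for a concurrent process) before writing through it.
func staleCheck() (passed, escaped bool, err error) {
	tmp, err := os.MkdirTemp("", "scope-demo")
	if err != nil {
		return false, false, err
	}
	defer os.RemoveAll(tmp)
	dest := filepath.Join(tmp, "root", "dest") // root is tmp/root
	if err = os.MkdirAll(dest, 0o755); err != nil {
		return false, false, err
	}
	realRoot, _ := filepath.EvalSymlinks(filepath.Dir(dest))
	resolved, _ := filepath.EvalSymlinks(dest) // time of check
	_, checkErr := destInsideRoot(realRoot, resolved)
	if err = os.Remove(dest); err == nil { // dest changes after the check
		err = os.Symlink(tmp, dest)
	}
	if err == nil {
		err = os.WriteFile(filepath.Join(dest, "f"), []byte("x"), 0o600) // time of use
	}
	_, statErr := os.Stat(filepath.Join(tmp, "f")) // file landed outside root?
	return checkErr == nil, statErr == nil, err
}

func main() {
	fmt.Println(staleCheck())
}
```

The check passes and the write still lands outside `root`, which is why the documentation asks for a chroot into a `root` that no untrusted process controls rather than relying on path sanitizing.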

Types

This section is empty.
