chrootarchive

package
v24.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 25, 2023 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ApplyLayer

func ApplyLayer(dest string, layer io.Reader) (size int64, err error)

ApplyLayer parses a diff in the standard layer format from `layer`, and applies it to the directory `dest`. The stream `layer` can only be uncompressed. Returns the size in bytes of the contents of the layer.

func ApplyUncompressedLayer

func ApplyUncompressedLayer(dest string, layer io.Reader, options *archive.TarOptions) (int64, error)

ApplyUncompressedLayer parses a diff in the standard layer format from `layer`, and applies it to the directory `dest`. The stream `layer` can only be uncompressed. Returns the size in bytes of the contents of the layer.

func NewArchiver

func NewArchiver(idMapping idtools.IdentityMapping) *archive.Archiver

NewArchiver returns a new Archiver which uses chrootarchive.Untar

func Tar

func Tar(srcPath string, options *archive.TarOptions, root string) (io.ReadCloser, error)

Tar tars the requested path while chrooted to the specified root.

func Untar

func Untar(tarArchive io.Reader, dest string, options *archive.TarOptions) error

Untar reads a stream of bytes from `archive`, parses it as a tar archive, and unpacks it into the directory at `dest`. The archive may be compressed with one of the following algorithms: identity (uncompressed), gzip, bzip2, xz.

func UntarUncompressed

func UntarUncompressed(tarArchive io.Reader, dest string, options *archive.TarOptions) error

UntarUncompressed reads a stream of bytes from `archive`, parses it as a tar archive, and unpacks it into the directory at `dest`. The archive must be an uncompressed stream.

func UntarWithRoot

func UntarWithRoot(tarArchive io.Reader, dest string, options *archive.TarOptions, root string) error

UntarWithRoot is the same as `Untar`, but allows you to pass in a root directory The root directory is the directory that will be chrooted to. `dest` must be a path within `root`, if it is not an error will be returned.

`root` should set to a directory which is not controlled by any potentially malicious process.

This should be used to prevent a potential attacker from manipulating `dest` such that it would provide access to files outside of `dest` through things like symlinks. Normally `ResolveSymlinksInScope` would handle this, however sanitizing symlinks in this manner is inherrently racey: ref: CVE-2018-15664

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL