summaryrefslogtreecommitdiff
path: root/vendor/github.com
diff options
context:
space:
mode:
authordependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>2021-06-03 09:34:37 +0000
committerGitHub <noreply@github.com>2021-06-03 09:34:37 +0000
commit48ea142ca5a94a386593802b8068ce53de72b3ec (patch)
treee2c5590ea5ac2b08ff298fa8b4c00ac4f4a7b3e2 /vendor/github.com
parentb64e20a53d3f5de262f2c475be490b35977d5f32 (diff)
downloadpodman-48ea142ca5a94a386593802b8068ce53de72b3ec.tar.gz
podman-48ea142ca5a94a386593802b8068ce53de72b3ec.tar.bz2
podman-48ea142ca5a94a386593802b8068ce53de72b3ec.zip
Bump github.com/docker/docker
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.6+incompatible to 20.10.7+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md) - [Commits](https://github.com/docker/docker/compare/v20.10.6...v20.10.7) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Diffstat (limited to 'vendor/github.com')
-rw-r--r--vendor/github.com/docker/docker/pkg/archive/archive.go16
1 files changed, 15 insertions, 1 deletions
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive.go b/vendor/github.com/docker/docker/pkg/archive/archive.go
index 8d14b7869..50b83c62c 100644
--- a/vendor/github.com/docker/docker/pkg/archive/archive.go
+++ b/vendor/github.com/docker/docker/pkg/archive/archive.go
@@ -402,10 +402,24 @@ func fillGo18FileTypeBits(mode int64, fi os.FileInfo) int64 {
// ReadSecurityXattrToTarHeader reads security.capability xattr from filesystem
// to a tar header
func ReadSecurityXattrToTarHeader(path string, hdr *tar.Header) error {
+ const (
+ // Values based on linux/include/uapi/linux/capability.h
+ xattrCapsSz2 = 20
+ versionOffset = 3
+ vfsCapRevision2 = 2
+ vfsCapRevision3 = 3
+ )
capability, _ := system.Lgetxattr(path, "security.capability")
if capability != nil {
+ length := len(capability)
+ if capability[versionOffset] == vfsCapRevision3 {
+ // Convert VFS_CAP_REVISION_3 to VFS_CAP_REVISION_2 as root UID makes no
+ // sense outside the user namespace the archive is built in.
+ capability[versionOffset] = vfsCapRevision2
+ length = xattrCapsSz2
+ }
hdr.Xattrs = make(map[string]string)
- hdr.Xattrs["security.capability"] = string(capability)
+ hdr.Xattrs["security.capability"] = string(capability[:length])
}
return nil
}