summaryrefslogtreecommitdiff
path: root/vendor
diff options
context:
space:
mode:
Diffstat (limited to 'vendor')
-rw-r--r--vendor/github.com/docker/docker/pkg/archive/archive.go16
-rw-r--r--vendor/modules.txt2
2 files changed, 16 insertions, 2 deletions
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive.go b/vendor/github.com/docker/docker/pkg/archive/archive.go
index 8d14b7869..50b83c62c 100644
--- a/vendor/github.com/docker/docker/pkg/archive/archive.go
+++ b/vendor/github.com/docker/docker/pkg/archive/archive.go
@@ -402,10 +402,24 @@ func fillGo18FileTypeBits(mode int64, fi os.FileInfo) int64 {
// ReadSecurityXattrToTarHeader reads security.capability xattr from filesystem
// to a tar header
func ReadSecurityXattrToTarHeader(path string, hdr *tar.Header) error {
+ const (
+ // Values based on linux/include/uapi/linux/capability.h
+ xattrCapsSz2 = 20
+ versionOffset = 3
+ vfsCapRevision2 = 2
+ vfsCapRevision3 = 3
+ )
capability, _ := system.Lgetxattr(path, "security.capability")
if capability != nil {
+ length := len(capability)
+ if capability[versionOffset] == vfsCapRevision3 {
+ // Convert VFS_CAP_REVISION_3 to VFS_CAP_REVISION_2 as root UID makes no
+ // sense outside the user namespace the archive is built in.
+ capability[versionOffset] = vfsCapRevision2
+ length = xattrCapsSz2
+ }
hdr.Xattrs = make(map[string]string)
- hdr.Xattrs["security.capability"] = string(capability)
+ hdr.Xattrs["security.capability"] = string(capability[:length])
}
return nil
}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 60f50eee8..fbf1075f7 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -280,7 +280,7 @@ github.com/docker/distribution/registry/client/auth/challenge
github.com/docker/distribution/registry/client/transport
github.com/docker/distribution/registry/storage/cache
github.com/docker/distribution/registry/storage/cache/memory
-# github.com/docker/docker v20.10.6+incompatible
+# github.com/docker/docker v20.10.7+incompatible
github.com/docker/docker/api
github.com/docker/docker/api/types
github.com/docker/docker/api/types/blkiodev