This repository was archived by the owner on Oct 13, 2023. It is now read-only.
[18.09 backport] Fix docker cp when container source path is / #286
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CID=$(docker create alpine) docker cp $CID:/ out Signed-off-by: Brian Goff <[email protected]> Signed-off-by: Tibor Vass <[email protected]> (cherry picked from commit 6db9f1c) Signed-off-by: Sebastiaan van Stijn <[email protected]>
Signed-off-by: Tibor Vass <[email protected]> (cherry picked from commit 02f1eb8) Signed-off-by: Sebastiaan van Stijn <[email protected]>
Before 7a7357d, archive.TarResourceRebase was being used to copy files and folders from the container. That function splits the source path into a dirname + basename pair to support copying a file: if you wanted to tar `dir/file` it would tar from `dir` the file `file` (as part of the IncludedFiles option). However, that path splitting logic was kept for folders as well, which resulted in weird inputs to archive.TarWithOptions: if you wanted to tar `dir1/dir2` it would tar from `dir1` the directory `dir2` (as part of IncludedFiles option). Although it was weird, it worked fine until we started chrooting into the container rootfs when doing a `docker cp` with container source set to `/` (cf 3029e76). The fix is to only do the path splitting logic if the source is a file. Unfortunately, 7a7357d added support for LCOW by duplicating some of this subtle logic. Ideally we would need to do more refactoring of the archive codebase to properly encapsulate these behaviors behind well- documented APIs. This fix does not do that. Instead, it fixes the issue inline. Signed-off-by: Tibor Vass <[email protected]> (cherry picked from commit 171538c) Signed-off-by: Sebastiaan van Stijn <[email protected]>
Previously, getWalkRoot("/", "foo") would return "//foo"
Now it returns "/foo"
Signed-off-by: Tibor Vass <[email protected]>
(cherry picked from commit 7410f1a)
Signed-off-by: Sebastiaan van Stijn <[email protected]>
Member
Author
|
ping @tiborvass @kolyshkin @andrewhsu PTAL |
|
Member
Author
|
ah, booh |
For reference on why this is needed: docker-archive#280 (comment) Signed-off-by: Tibor Vass <[email protected]> (cherry picked from commit 8f4b96f) Signed-off-by: Sebastiaan van Stijn <[email protected]>
Member
Author
|
cherry-picked 8f4b96f |
Member
Author
|
only failures are tracked through moby#39352 and on Janky https://jenkins.dockerproject.org/job/Docker-PRs/54598/console |
|
@kolyshkin kicked job again: https://jenkins.dockerproject.org/job/Docker-PRs/54613/console |
|
kicked the janky ci as I haven't seen this earlier:
and it looks like another manifestation of that elusive flakiness we have it |
|
Looks like latest job run has success: |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
backport of moby#39357 for 18.09
Another attempt at fixing moby#39348
Fixes moby#39348
Previous attempt at moby#39351
Before 7a7357d, archive.TarResourceRebase was being used to copy files
and folders from the container. That function splits the source path
into a dirname + basename pair to support copying a file:
if you wanted to tar
dir/fileit would tar fromdirthe filefile(as part of the IncludedFiles option).
However, that path splitting logic was kept for folders as well, which
resulted in weird inputs to archive.TarWithOptions:
if you wanted to tar
dir1/dir2it would tar fromdir1the directorydir2(as part of IncludedFiles option).Although it was weird, it worked fine until we started chrooting into
the container rootfs when doing a
docker cpwith container source setto
/(cf 3029e76 (moby#39292)).The fix is to only do the path splitting logic if the source is a file.
Unfortunately, 7a7357d added support for LCOW by duplicating some of
this subtle logic. Ideally we would need to do more refactoring of the
archive codebase to properly encapsulate these behaviors behind well-
documented APIs.
This fix does not do that. Instead, it fixes the issue inline.
Signed-off-by: Tibor Vass [email protected]
I added a couple of more tests than the actual issue needs, just to make sure there are no other regressions compared to before the cve fix (3029e76).
Huge thanks to @cpuguy83 ❤️who worked tirelessly with me to understand the code and make this PR.