Merge pull request #125 from AkihiroSuda/dev

Skip setting xattrs when running as non-root
reproducible-containers · Aug 16, 2024 · 2b45a09 · 2b45a09
2 parents 8163257 + 692e442
commit 2b45a09
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/pkg/diff/diff.go b/pkg/diff/diff.go
@@ -10,6 +10,7 @@ import (
 	"os"
 	"path"
 	"path/filepath"
+	"runtime"
 	"slices"
 	"sort"
 	"strconv"
@@ -700,6 +701,21 @@ func (d *differ) loadLayer(ctx context.Context, node *EventTreeNode, inputIdx in
 			hdr.Name = strings.TrimPrefix(hdr.Name, "/")
 			hdr.Name = strings.TrimPrefix(hdr.Name, "./")
 		}
+		if os.Geteuid() != 0 && runtime.GOOS == "linux" {
+			//nolint:staticcheck // SA1019: hdr.Xattrs has been deprecated since Go 1.10: Use PAXRecords instead.
+			for k := range hdr.Xattrs {
+				if strings.HasPrefix(k, "security.") {
+					log.G(ctx).Debugf("Ignoring xattr %q", k)
+					delete(hdr.Xattrs, k)
+				}
+			}
+			for k := range hdr.PAXRecords {
+				if strings.HasPrefix(k, "SCHILY.xattr.security.") {
+					log.G(ctx).Debugf("Ignoring PAX record %q", k)
+					delete(hdr.PAXRecords, k)
+				}
+			}
+		}
 		res.entries++
 		ent := &TarEntry{
 			Index:  i,