modify tar extraction to account for user namespace
If we are running upstream with user namespaces, we need to create the
container filesystem not with the ownership preserved, but reflecting the
mapping we need to apply. Note that according to our documentation, we should
ignore this if the user explicitly requested an uid mapping of 0 (gid is
ignored in this case).
Our tooling doesn't allow any easy way to unpack a whol distribution with
offsets mechanically applied like this. We could do the whole unpacking in a
user namespace itself, but that does not come without problems on its own (for
instance, we won't be able to create any device files, we have to carefully
adjust permissions in the root directory, etc)
To work around that, we can employ a trick to allow container creation right
now, as well as to avoid compatibility problems: we will resort to LD_PRELOAD
to load a schim that captures calls to the chown family of system calls and
applies the offset manually.
[kir@: removed unused #defines, copyright year fixed]
Signed-off-by: Glauber Costa <glommer@parallels.com>
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
5 files changed