pkg/archive: allow mknodding FIFO inside userns
Fix #41803
Also attempt to mknod devices.
Mknodding devices are likely to fail, but still worth trying when
running with a seccomp user notification.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit d5d5cccb7ee1d081edd24391bd2b3da9db5f3373)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
diff --git a/pkg/archive/archive_unix.go b/pkg/archive/archive_unix.go
index d626336..85f350b 100644
--- a/pkg/archive/archive_unix.go
+++ b/pkg/archive/archive_unix.go
@@ -81,11 +81,6 @@
// handleTarTypeBlockCharFifo is an OS-specific helper function used by
// createTarFile to handle the following types of header: Block; Char; Fifo
func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
- if rsystem.RunningInUserNS() {
- // cannot create a device if running in user namespace
- return nil
- }
-
mode := uint32(hdr.Mode & 07777)
switch hdr.Typeflag {
case tar.TypeBlock:
@@ -96,7 +91,12 @@
mode |= unix.S_IFIFO
}
- return system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor)))
+ err := system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor)))
+ if errors.Is(err, syscall.EPERM) && rsystem.RunningInUserNS() {
+ // In most cases, cannot create a device if running in user namespace
+ err = nil
+ }
+ return err
}
func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error {