docker: github.com/docker/docker/pkg/chrootarchive Index | Files

package chrootarchive

import "github.com/docker/docker/pkg/chrootarchive"

Index

Package Files

archive.go archive_unix.go chroot_linux.go diff.go diff_unix.go init_unix.go

func ApplyLayer Uses

func ApplyLayer(dest string, layer io.Reader) (size int64, err error)

ApplyLayer parses a diff in the standard layer format from `layer`, and applies it to the directory `dest`. The stream `layer` can only be uncompressed. Returns the size in bytes of the contents of the layer.

func ApplyUncompressedLayer Uses

func ApplyUncompressedLayer(dest string, layer io.Reader, options *archive.TarOptions) (int64, error)

ApplyUncompressedLayer parses a diff in the standard layer format from `layer`, and applies it to the directory `dest`. The stream `layer` can only be uncompressed. Returns the size in bytes of the contents of the layer.

func NewArchiver Uses

func NewArchiver(idMapping *idtools.IdentityMapping) *archive.Archiver

NewArchiver returns a new Archiver which uses chrootarchive.Untar

func Tar Uses

func Tar(srcPath string, options *archive.TarOptions, root string) (io.ReadCloser, error)

Tar tars the requested path while chrooted to the specified root.

func Untar Uses

func Untar(tarArchive io.Reader, dest string, options *archive.TarOptions) error

Untar reads a stream of bytes from `archive`, parses it as a tar archive, and unpacks it into the directory at `dest`. The archive may be compressed with one of the following algorithms:

identity (uncompressed), gzip, bzip2, xz.

func UntarUncompressed Uses

func UntarUncompressed(tarArchive io.Reader, dest string, options *archive.TarOptions) error

UntarUncompressed reads a stream of bytes from `archive`, parses it as a tar archive, and unpacks it into the directory at `dest`. The archive must be an uncompressed stream.

func UntarWithRoot Uses

func UntarWithRoot(tarArchive io.Reader, dest string, options *archive.TarOptions, root string) error

UntarWithRoot is the same as `Untar`, but allows you to pass in a root directory The root directory is the directory that will be chrooted to. `dest` must be a path within `root`, if it is not an error will be returned.

`root` should set to a directory which is not controlled by any potentially malicious process.

This should be used to prevent a potential attacker from manipulating `dest` such that it would provide access to files outside of `dest` through things like symlinks. Normally `ResolveSymlinksInScope` would handle this, however sanitizing symlinks in this manner is inherrently racey: ref: CVE-2018-15664

Package chrootarchive imports 21 packages (graph) and is imported by 5637 packages. Updated 2020-12-21. Refresh now. Tools for package owners.