From edd74778912db5d4ae261f17d2ea8695d9e9ee0a Mon Sep 17 00:00:00 2001 From: Ben Nemec Date: Wed, 1 Oct 2014 17:18:00 -0500 Subject: [PATCH] Save extended attributes when creating tar The way redhat-common's extract-image script was creating the base tarball caused file capabilities to get dropped, which meant that things like ping in RHEL 7 images was unusable for regular users. This change adds the necessary options to the tar call to maintain as many extended attributes as possible. --acls and --selinux are intentionally omitted, and the selinux xattrs are filtered out because all of those items cause issues in our chroot environment. We restore selinux attributes at the end of the build anyway so that shouldn't be a problem. bz reference: https://bugzilla.redhat.com/show_bug.cgi?id=1144149 Change-Id: Ibff99ce9bde01bc5ecf95dc3a5d3e2cebe5015b9 --- elements/redhat-common/bin/extract-image | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/elements/redhat-common/bin/extract-image b/elements/redhat-common/bin/extract-image index 594dc91d..adfba02f 100755 --- a/elements/redhat-common/bin/extract-image +++ b/elements/redhat-common/bin/extract-image @@ -73,7 +73,7 @@ function extract_image() { trap "$EACTION" EXIT # Chroot in so that we get the correct uid/gid - sudo chroot $WORKING/mnt bin/tar -cz . > $WORKING/tmp.tar + sudo chroot $WORKING/mnt bin/tar --xattrs --xattrs-include='*' --xattrs-exclude='security.selinux' -cz . > $WORKING/tmp.tar mv $WORKING/tmp.tar $CACHED_TAR else echo "Using cached tar from $CACHED_TAR" @@ -82,8 +82,10 @@ function extract_image() { # Extract the base image (use --numeric-owner to avoid UID/GID mismatch between # image tarball and host OS e.g. when building Fedora image on an openSUSE host) + # Include all xattrs except selinux because the selinux ones cause issues in our + # chroot environment, and we restore all of those at the end of the build anyway. echo "Extracting base root image from $CACHED_TAR" - sudo tar -C $TARGET_ROOT --numeric-owner -xzf $CACHED_TAR + sudo tar -C $TARGET_ROOT --numeric-owner --xattrs --xattrs-include='*' --xattrs-exclude='security.selinux' -xzf $CACHED_TAR } (