From a48353f83374c37480c98c463363873b95058e5f Mon Sep 17 00:00:00 2001 From: Radostin Stoyanov Date: Sat, 26 Aug 2017 21:41:51 +0100 Subject: Improve untar command Add "--overwrite" to enforce the overwrite of existing files. Add the flag "--absolute-names" to disable the strip of leading '/'s This is used to get around the error "Cannot open:Permission denied" which occurs when the qemu driver is used by virt-sandbox. It is used for unprivileged users to create isolated environment in which tar is executed to extract the content from container image layers. In particular this error occurs when the tar archive contains symbolic link which has target path starting with '/'. Steps to reproduce: $ mkdir /tmp/foo $ cd /tmp/foo $ touch file $ ln -s /tmp/foo/file link $ tar -cf archive.tar link $ mkdir /tmp/foo/dest $ virt-sandbox -c qemu:///session \ -m host-bind:/mnt=/tmp/foo/dest \ -- /bin/tar xf /tmp/foo/archive.tar -C /mnt Error message: tar: link: Cannot open: Permission denied tar: Exiting with failure status due to previous errors --- src/virtBootstrap/utils.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'src/virtBootstrap/utils.py') diff --git a/src/virtBootstrap/utils.py b/src/virtBootstrap/utils.py index 63ef57a..66cd301 100644 --- a/src/virtBootstrap/utils.py +++ b/src/virtBootstrap/utils.py @@ -106,7 +106,11 @@ def safe_untar(src, dest): # Compression type is auto detected from tar # Exclude files under /dev to avoid "Cannot mknod: Operation not permitted" - params = ['--', '/bin/tar', 'xf', src, '-C', '/mnt', '--exclude', 'dev/*'] + # Note: Here we use --absolute-names flag to get around the error message + # "Cannot open: Permission denied" when symlynks are extracted, with the + # qemu:/// driver. This flag must not be used outside virt-sandbox. + params = ['--', '/bin/tar', 'xf', src, '-C', '/mnt', '--exclude', 'dev/*', + '--overwrite', '--absolute-names'] execute(virt_sandbox + params) -- cgit