Fix rootfs-upper tar to preserve opaque xattrs#12769
Open
copybara-service[bot] wants to merge 1 commit intomasterfrom
Open
Fix rootfs-upper tar to preserve opaque xattrs#12769copybara-service[bot] wants to merge 1 commit intomasterfrom
copybara-service[bot] wants to merge 1 commit intomasterfrom
Conversation
copybara-service bot force-pushed the test/cl886990834 branch 2 times, most recently from 987d8ba to f2f8a04 Compare 
## Summary - The `runsc tar rootfs-upper` command was not preserving extended attributes (xattrs) during serialization. This caused `trusted.overlay.opaque` to be lost, resulting in stale lower-layer files being resurrected when restoring from a tar snapshot. - Xattrs are now serialized to PAXRecords using the standard `SCHILY.xattr.` prefix during tar creation, and restored during tar extraction. - Added `RawXattrs`/`SetRawXattrs` methods to `SimpleExtendedAttributes` for unchecked access in the kernel serialization path. ## Test plan - [x] Added `TestTarRootfsUpperLayerOpaqueDir` regression test that deletes `/usr/share` (which has lower-layer files), recreates it with only a marker file, tars the upper layer, restores it, and verifies no stale files leak through. - [x] Verify the regression test fails on the parent commit (without the fix) by checking out `HEAD~1` and running the test. - [x] Run the full container test suite to check for regressions. 🤖 Generated with [Claude Code](https://claude.com/claude-code) FUTURE_COPYBARA_INTEGRATE_REVIEW=#12633 from danielnorberg:fix-tar-rootfs-upper-opaque-xattr 4c7c190 PiperOrigin-RevId: 886990834
copybara-service bot force-pushed the test/cl886990834 branch from f2f8a04 to 85d8688 Compare This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fix rootfs-upper tar to preserve opaque xattrs
Summary
runsc tar rootfs-uppercommand was not preserving extended attributes (xattrs) during serialization. This causedtrusted.overlay.opaqueto be lost, resulting in stale lower-layer files being resurrected when restoring from a tar snapshot.SCHILY.xattr.prefix during tar creation, and restored during tar extraction.RawXattrs/SetRawXattrsmethods toSimpleExtendedAttributesfor unchecked access in the kernel serialization path.Test plan
TestTarRootfsUpperLayerOpaqueDirregression test that deletes/usr/share(which has lower-layer files), recreates it with only a marker file, tars the upper layer, restores it, and verifies no stale files leak through.HEAD~1and running the test.🤖 Generated with Claude Code
FUTURE_COPYBARA_INTEGRATE_REVIEW=#12633 from danielnorberg:fix-tar-rootfs-upper-opaque-xattr 4c7c190