wip: tar and local exporter running with privileges

profnandaa · profnandaa · commit e7ceb63b3cff · 2024-06-10T17:24:05.000+03:00
TODO: need to cross-check that there is no way the
SeBackupPrivilege can be abused/exploited.

WIP: how best to handle the files to be exclused
without touching `fsutil`

Signed-off-by: Anthony Nandaa &lt;profnandaa@gmail.com&gt;
diff --git a/exporter/tar/export.go b/exporter/tar/export.go
@@ -166,7 +166,7 @@ func (e *localExporterInstance) Export(ctx context.Context, inp *exporter.Source
 		return nil, nil, err
 	}
 	report := progress.OneOff(ctx, "sending tarball")
-	if err := fsutil.WriteTar(ctx, fs, w); err != nil {
+	if err := writeTar(ctx, fs, w); err != nil {
 		w.Close()
 		return nil, nil, report(err)
 	}
diff --git a/exporter/tar/export_unix.go b/exporter/tar/export_unix.go
@@ -0,0 +1,15 @@
+//go:build !windows
+// +build !windows
+
+package local
+
+import (
+	"context"
+	"io"
+
+	"github.com/tonistiigi/fsutil"
+)
+
+func writeTar(ctx context.Context, fs fsutil.FS, w io.WriteCloser) error {
+	return fsutil.WriteTar(ctx, fs, w)
+}
diff --git a/exporter/tar/export_windows.go b/exporter/tar/export_windows.go
@@ -0,0 +1,18 @@
+package local
+
+import (
+	"context"
+	"io"
+
+	"github.com/Microsoft/go-winio"
+	"github.com/tonistiigi/fsutil"
+)
+
+func writeTar(ctx context.Context, fs fsutil.FS, w io.WriteCloser) error {
+	// Windows rootfs has a few special metadata files that
+	// require extra privileges to be accessed.
+	privileges := []string{winio.SeBackupPrivilege}
+	return winio.RunWithPrivileges(privileges, func() error {
+		return fsutil.WriteTar(ctx, fs, w)
+	})
+}
diff --git a/session/filesync/diffcopy.go b/session/filesync/diffcopy.go
@@ -21,10 +21,6 @@ type Stream interface {
 	RecvMsg(m interface{}) error
 }
 
-func sendDiffCopy(stream Stream, fs fsutil.FS, progress progressCb) error {
-	return errors.WithStack(fsutil.Send(stream.Context(), stream, fs, progress))
-}
-
 func newStreamWriter(stream grpc.ClientStream) io.WriteCloser {
 	wc := &streamWriterCloser{ClientStream: stream}
 	return &bufferedWriteCloser{Writer: bufio.NewWriter(wc), Closer: wc}
diff --git a/session/filesync/diffcopy_unix.go b/session/filesync/diffcopy_unix.go
@@ -0,0 +1,13 @@
+//go:build !windows
+// +build !windows
+
+package filesync
+
+import (
+	"github.com/pkg/errors"
+	"github.com/tonistiigi/fsutil"
+)
+
+func sendDiffCopy(stream Stream, fs fsutil.FS, progress progressCb) error {
+	return errors.WithStack(fsutil.Send(stream.Context(), stream, fs, progress))
+}
diff --git a/session/filesync/diffcopy_windows.go b/session/filesync/diffcopy_windows.go
@@ -0,0 +1,21 @@
+//go:build windows
+// +build windows
+
+package filesync
+
+import (
+	"github.com/Microsoft/go-winio"
+	"github.com/pkg/errors"
+	"github.com/tonistiigi/fsutil"
+)
+
+func sendDiffCopy(stream Stream, fs fsutil.FS, progress progressCb) error {
+	// adding one SeBackupPrivilege to the process so as to be able
+	// to run the subsequent goroutines in fsutil.Send that need
+	// to copy over special Windows metadata files.
+	// TODO(profnandaa): need to cross-check that this cannot be
+	// exploited in any way.
+	winio.EnableProcessPrivileges([]string{winio.SeBackupPrivilege})
+	defer winio.DisableProcessPrivileges([]string{winio.SeBackupPrivilege})
+	return errors.WithStack(fsutil.Send(stream.Context(), stream, fs, progress))
+}

Original file line number	Diff line number	Diff line change
`@@ -166,7 +166,7 @@ func (e localExporterInstance) Export(ctx context.Context, inp exporter.Source`
`166`	`166`	`return nil, nil, err`
`167`	`167`	`}`
`168`	`168`	`report := progress.OneOff(ctx, "sending tarball")`
`169`		`- if err := fsutil.WriteTar(ctx, fs, w); err != nil {`
	`169`	`+ if err := writeTar(ctx, fs, w); err != nil {`
`170`	`170`	`w.Close()`
`171`	`171`	`return nil, nil, report(err)`
`172`	`172`	`}`