From 2a736a7e49e757291766c3cd1794153a08ebedca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= <mitr@redhat.com>
Date: Fri, 13 Dec 2024 00:06:07 +0100
Subject: [PATCH] Fix SafeChown when ContainersOverrideXattr is unset
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This happens e.g. in idtools.MkdirAllAndChownNew .

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
---
 pkg/idtools/idtools.go | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/pkg/idtools/idtools.go b/pkg/idtools/idtools.go
index d90f6c0662..299bdbef7f 100644
--- a/pkg/idtools/idtools.go
+++ b/pkg/idtools/idtools.go
@@ -422,7 +422,7 @@ func GetContainersOverrideXattr(path string) (Stat, error) {
 	if err != nil {
 		return Stat{}, err
 	}
-	return parseOverrideXattr(xstat)
+	return parseOverrideXattr(xstat) // This will fail if (xstat, err) == (nil, nil), i.e. the xattr does not exist.
 }
 
 func parseOverrideXattr(xstat []byte) (Stat, error) {
@@ -522,11 +522,17 @@ func SafeChown(name string, uid, gid int) error {
 			Mode: os.FileMode(0o0700),
 		}
 		xstat, err := system.Lgetxattr(name, ContainersOverrideXattr)
-		if err == nil {
+		if err == nil && xstat != nil {
 			stat, err = parseOverrideXattr(xstat)
 			if err != nil {
 				return err
 			}
+		} else {
+			st, err := os.Stat(name) // Ideally we would share this with system.Stat below, but then we would need to convert Mode.
+			if err != nil {
+				return err
+			}
+			stat.Mode = st.Mode()
 		}
 		stat.IDs = IDPair{UID: uid, GID: gid}
 		if err = SetContainersOverrideXattr(name, stat); err != nil {
@@ -549,11 +555,17 @@ func SafeLchown(name string, uid, gid int) error {
 			Mode: os.FileMode(0o0700),
 		}
 		xstat, err := system.Lgetxattr(name, ContainersOverrideXattr)
-		if err == nil {
+		if err == nil && xstat != nil {
 			stat, err = parseOverrideXattr(xstat)
 			if err != nil {
 				return err
 			}
+		} else {
+			st, err := os.Lstat(name) // Ideally we would share this with system.Stat below, but then we would need to convert Mode.
+			if err != nil {
+				return err
+			}
+			stat.Mode = st.Mode()
 		}
 		stat.IDs = IDPair{UID: uid, GID: gid}
 		if err = SetContainersOverrideXattr(name, stat); err != nil {