pkg/system: add mimicked xattr syscalls on FreeBSD

drivers/chown_darwin.go

@@ -83,7 +83,7 @@ func (c *platformChowner) LChown(path string, info os.FileInfo, toHost, toContai
 	}
 	if uid != int(st.Uid) || gid != int(st.Gid) {
 		capability, err := system.Lgetxattr(path, "security.capability")
-		if err != nil && !errors.Is(err, system.EOPNOTSUPP) && err != system.ErrNotSupportedPlatform {
+		if err != nil && !errors.Is(err, system.ENOTSUP) && err != system.ErrNotSupportedPlatform {
 			return fmt.Errorf("%s: %w", os.Args[0], err)
 		}
 

drivers/chown_unix.go

@@ -101,7 +101,7 @@ func (c *platformChowner) LChown(path string, info os.FileInfo, toHost, toContai
 	}
 	if uid != int(st.Uid) || gid != int(st.Gid) {
 		cap, err := system.Lgetxattr(path, "security.capability")
-		if err != nil && !errors.Is(err, system.EOPNOTSUPP) && !errors.Is(err, system.EOVERFLOW) && err != system.ErrNotSupportedPlatform {
+		if err != nil && !errors.Is(err, system.ENOTSUP) && !errors.Is(err, system.EOVERFLOW) && err != system.ErrNotSupportedPlatform {
 			return fmt.Errorf("%s: %w", os.Args[0], err)
 		}
 

drivers/copy/copy_linux.go

@@ -106,7 +106,7 @@ func legacyCopy(srcFile io.Reader, dstFile io.Writer) error {
 
 func copyXattr(srcPath, dstPath, attr string) error {
 	data, err := system.Lgetxattr(srcPath, attr)
-	if err != nil && !errors.Is(err, unix.EOPNOTSUPP) {
+	if err != nil && !errors.Is(err, system.ENOTSUP) {
 		return err
 	}
 	if data != nil {
@@ -279,7 +279,7 @@ func doCopyXattrs(srcPath, dstPath string) error {
 	}
 
 	xattrs, err := system.Llistxattr(srcPath)
-	if err != nil && !errors.Is(err, unix.EOPNOTSUPP) {
+	if err != nil && !errors.Is(err, system.ENOTSUP) {
 		return err
 	}
 

drivers/overlay/check_116.go

@@ -10,7 +10,6 @@ import (
 
 	"github.com/containers/storage/pkg/archive"
 	"github.com/containers/storage/pkg/system"
-	"golang.org/x/sys/unix"
 )
 
 func scanForMountProgramIndicators(home string) (detected bool, err error) {
@@ -28,7 +27,7 @@ func scanForMountProgramIndicators(home string) (detected bool, err error) {
 		}
 		if d.IsDir() {
 			xattrs, err := system.Llistxattr(path)
-			if err != nil && !errors.Is(err, unix.EOPNOTSUPP) {
+			if err != nil && !errors.Is(err, system.ENOTSUP) {
 				return err
 			}
 			for _, xattr := range xattrs {

pkg/archive/archive.go

@@ -427,7 +427,7 @@ func readSecurityXattrToTarHeader(path string, hdr *tar.Header) error {
 	}
 	for _, xattr := range []string{"security.capability", "security.ima"} {
 		capability, err := system.Lgetxattr(path, xattr)
-		if err != nil && !errors.Is(err, system.EOPNOTSUPP) && err != system.ErrNotSupportedPlatform {
+		if err != nil && !errors.Is(err, system.ENOTSUP) && err != system.ErrNotSupportedPlatform {
 			return fmt.Errorf("failed to read %q attribute from %q: %w", xattr, path, err)
 		}
 		if capability != nil {
@@ -440,7 +440,7 @@ func readSecurityXattrToTarHeader(path string, hdr *tar.Header) error {
 // readUserXattrToTarHeader reads user.* xattr from filesystem to a tar header
 func readUserXattrToTarHeader(path string, hdr *tar.Header) error {
 	xattrs, err := system.Llistxattr(path)
-	if err != nil && !errors.Is(err, system.EOPNOTSUPP) && err != system.ErrNotSupportedPlatform {
+	if err != nil && !errors.Is(err, system.ENOTSUP) && err != system.ErrNotSupportedPlatform {
 		return err
 	}
 	for _, key := range xattrs {
@@ -792,8 +792,8 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, L
 		if _, found := xattrsToIgnore[xattrKey]; found {
 			continue
 		}
-		if err := setExtendedAttribute(path, xattrKey, []byte(value)); err != nil {
-			if errors.Is(err, syscall.ENOTSUP) || (inUserns && errors.Is(err, syscall.EPERM)) {
+		if err := system.Lsetxattr(path, xattrKey, []byte(value), 0); err != nil {
+			if errors.Is(err, system.ENOTSUP) || (inUserns && errors.Is(err, syscall.EPERM)) {
 				// Ignore specific error cases:
 				// - ENOTSUP: Expected for graphdrivers lacking extended attribute support:
 				//   - Legacy AUFS versions

pkg/archive/changes_linux.go

@@ -87,11 +87,11 @@ func walkchunk(path string, fi os.FileInfo, dir string, root *FileInfo) error {
 	}
 	info.stat = stat
 	info.capability, err = system.Lgetxattr(cpath, "security.capability") // lgetxattr(2): fs access
-	if err != nil && !errors.Is(err, system.EOPNOTSUPP) {
+	if err != nil && !errors.Is(err, system.ENOTSUP) {
 		return err
 	}
 	xattrs, err := system.Llistxattr(cpath)
-	if err != nil && !errors.Is(err, system.EOPNOTSUPP) {
+	if err != nil && !errors.Is(err, system.ENOTSUP) {
 		return err
 	}
 	for _, key := range xattrs {

pkg/system/extattr_freebsd.go

@@ -64,9 +64,6 @@ func ExtattrListLink(path string, attrnamespace int) ([]string, error) {
 	size, errno := unix.ExtattrListLink(path, attrnamespace,
 		uintptr(unsafe.Pointer(nil)), 0)
 	if errno != nil {
-		if errno == unix.ENOATTR {
-			return nil, nil
-		}
 		return nil, &os.PathError{Op: "extattr_list_link", Path: path, Err: errno}
 	}
 	if size == 0 {

pkg/system/xattrs_darwin.go

@@ -12,7 +12,7 @@ const (
 	E2BIG unix.Errno = unix.E2BIG
 
 	// Operation not supported
-	EOPNOTSUPP unix.Errno = unix.EOPNOTSUPP
+	ENOTSUP unix.Errno = unix.ENOTSUP
 )
 
 // Lgetxattr retrieves the value of the extended attribute identified by attr

pkg/system/xattrs_freebsd.go

@@ -0,0 +1,85 @@
+package system
+
+import (
+	"strings"
+
+	"golang.org/x/sys/unix"
+)
+
+const (
+	// Value is larger than the maximum size allowed
+	E2BIG unix.Errno = unix.E2BIG
+
+	// Operation not supported
+	ENOTSUP unix.Errno = unix.ENOTSUP
+
+	// Value is too small or too large for maximum size allowed
+	EOVERFLOW unix.Errno = unix.EOVERFLOW
+)
+
+var (
+	namespaceMap = map[string]int{
+		"user":   EXTATTR_NAMESPACE_USER,
+		"system": EXTATTR_NAMESPACE_SYSTEM,
+	}
+)
+
+func xattrToExtattr(xattr string) (namespace int, extattr string, err error) {
+	namespaceName, extattr, found := strings.Cut(xattr, ".")
+	if !found {
+		return -1, "", ENOTSUP
+	}
+
+	namespace, ok := namespaceMap[namespaceName]
+	if !ok {
+		return -1, "", ENOTSUP
+	}
+	return namespace, extattr, nil
+}
+
+// Lgetxattr retrieves the value of the extended attribute identified by attr
+// and associated with the given path in the file system.
+// Returns a []byte slice if the xattr is set and nil otherwise.
+func Lgetxattr(path string, attr string) ([]byte, error) {
+	namespace, extattr, err := xattrToExtattr(attr)
+	if err != nil {
+		return nil, err
+	}
+	return ExtattrGetLink(path, namespace, extattr)
+}
+
+// Lsetxattr sets the value of the extended attribute identified by attr
+// and associated with the given path in the file system.
+func Lsetxattr(path string, attr string, value []byte, flags int) error {
+	if flags != 0 {
+		// FIXME: Flags are not supported on FreeBSD, but we can implement
+		// them mimicking the behavior of the Linux implementation.
+		// See lsetxattr(2) on Linux for more information.
+		return ENOTSUP
+	}
+
+	namespace, extattr, err := xattrToExtattr(attr)
+	if err != nil {
+		return err
+	}
+	return ExtattrSetLink(path, namespace, extattr, value)
+}
+
+// Llistxattr lists extended attributes associated with the given path
+// in the file system.
+func Llistxattr(path string) ([]string, error) {
+	attrs := []string{}
+
+	for namespaceName, namespace := range namespaceMap {
+		namespaceAttrs, err := ExtattrListLink(path, namespace)
+		if err != nil {
+			return nil, err
+		}
+
+		for _, attr := range namespaceAttrs {
+			attrs = append(attrs, namespaceName+"."+attr)
+		}
+	}
+
+	return attrs, nil
+}

pkg/system/xattrs_linux.go

@@ -12,7 +12,7 @@ const (
 	E2BIG unix.Errno = unix.E2BIG
 
 	// Operation not supported
-	EOPNOTSUPP unix.Errno = unix.EOPNOTSUPP
+	ENOTSUP unix.Errno = unix.ENOTSUP
 
 	// Value is too small or too large for maximum size allowed
 	EOVERFLOW unix.Errno = unix.EOVERFLOW

pkg/system/xattrs_unsupported.go

@@ -1,4 +1,4 @@
-//go:build !linux && !darwin
+//go:build !linux && !darwin && !freebsd
 
 package system
 
@@ -9,7 +9,7 @@ const (
 	E2BIG syscall.Errno = syscall.Errno(0)
 
 	// Operation not supported
-	EOPNOTSUPP syscall.Errno = syscall.Errno(0)
+	ENOTSUP syscall.Errno = syscall.Errno(0)
 
 	// Value is too small or too large for maximum size allowed
 	EOVERFLOW syscall.Errno = syscall.Errno(0)