Score:1

Tar a file along with preserved file capabilities

ve flag

We are building a root filesystem of Ubuntu 20.04 with packages installed using debootstrap and finally tar it using:

tar -c --use-compress-program=pigz -f $ROOTFS --numeric-owner -C $TMPDIR .

Eventually, when we untar the root filesystem, the file capabilities are lost. For example, ping loses its cap_net_raw+ep capability and this is causing untoward behaviour in production.

I tried passing various tar parameters to preserve the file capabilities but failed to do so. Guidance on this would be of great help.

For very simplistic reproduction:

# cd /bin && getcap /bin/ping && rm -f blah.tar && tar --preserve-permissions --xattrs --xattrs-include=*.* -cf ~/blah.tar ping && cd -
/bin/ping = cap_net_raw+ep
/root

# tar -xf blah.tar && getcap ./ping
#
muru avatar
us flag
You need to include xattrs when extracting too
Aravindhan Krishnan avatar
ve flag
Thanks, that seems to work. What would be minimal set of arguments needed to preserve file capabilities apart from the tar parameters used in: `tar -c --use-compress-program=pigz -f $ROOTFS --numeric-owner -C $TMPDIR .`
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.