fix(WCOW): fix file access failure for multistage builds #5289
Conversation
billywr
changed the title
billywr
changed the title
There was a problem hiding this comment.
And fix the CI build failures.
Can add an explanation in the commit body and PR description that this failure is only observed on the Windows Client SKUs (e.g. Windows 11), but works okay on server e.g. WS2022. I however, came across some similar failure in WS2022 too but a different scenario, I'll need to check my notes and send to you.
billywr
force-pushed
the
wcow-copy-from-multistage-builds-failure
branch
3 times, most recently
from
b77425f
to
3c42087
Compare
billywr
force-pushed
the
wcow-copy-from-multistage-builds-failure
branch
from
3c42087
to
f2af587
Compare
billywr
force-pushed
the
wcow-copy-from-multistage-builds-failure
branch
from
f2af587
to
d60c5c4
Compare
|
WIP: working on a way to avoid lots of code duplication |
billywr
force-pushed
the
wcow-copy-from-multistage-builds-failure
branch
6 times, most recently
from
7b29abb
to
518e948
Compare
I could have mistaken, not found it. Found this that I had noted as a repro, but ran it on WS2022 and runs ok. Can just count-check on Win11 with your fix: FROM mcr.microsoft.com/windows/nanoserver:ltsc2022 as base
USER ContainerAdministrator
RUN echo aa> /foo
WORKDIR /bar
FROM base as base1
COPY hello.txt .
FROM base as base2
COPY --from=base1 /bar/hello.txt .
RUN exit 0
FROM mcr.microsoft.com/windows/nanoserver:ltsc2022
COPY --from=base2 /foo /f |
billywr
changed the title
billywr
force-pushed
the
wcow-copy-from-multistage-builds-failure
branch
4 times, most recently
from
f6b6486
to
8fac5d2
Compare
billywr
force-pushed
the
wcow-copy-from-multistage-builds-failure
branch
from
8fac5d2
to
790713c
Compare
billywr
force-pushed
the
wcow-copy-from-multistage-builds-failure
branch
from
790713c
to
c2a772b
Compare
billywr
force-pushed
the
wcow-copy-from-multistage-builds-failure
branch
3 times, most recently
from
065deca
to
0e9a71f
Compare
Fixes: moby#5193 Signed-off-by: Billy Owire <billyowire95@gmail.com>
billywr
force-pushed
the
wcow-copy-from-multistage-builds-failure
branch
from
0e9a71f
to
6e35a7a
Compare
| // elevating the admin privileges to walk special files/directory | ||
| // like `System Volume Information`, etc. See similar in #4994 | ||
| privileges := []string{winio.SeBackupPrivilege} | ||
| return winio.RunWithPrivileges(privileges, func() error { |
There was a problem hiding this comment.
I believe there was a list of paths which should be excluded if I remember correctly. A number of metadata files, some of which (if not all) are listed here:
There was a problem hiding this comment.
I opened an issue for that some time back #5011, I noticed that that list keeps growing and maintaining a whitelist is going to be a chase game. However, we can rethink it.
There was a problem hiding this comment.
@gabriel-samfira Can we proceed with this as is and handle the whitelisting part in the other open issue? This is currently blocking some integration tests for WCOW.
There was a problem hiding this comment.
Apologies for the delay. I completely missed your replies.
@profnandaa The best source of truth for that list of files is probably the server team at MSFT (you should be able to ping them). We need to mirror what they say we should exclude. But we do need to exclude those files. In some cases we can't walk them (and we shouldn't) even with elevated privileges.
There was a problem hiding this comment.
Well noted, will follow up. Thanks!
fix (WCOW) file access failure for multistage builds
Fixes: #5193
The failure occurs on Windows Client SKUs (e.g., Windows 11) but generally works on server SKUs like WS2022, although similar failures can also occur on WS2022 in some cases.