fix snapshotter ignore list

* include filesystem mounts in ignorelist of snapshotter * clean up ignore list logic
GoogleContainerTools · May 18, 2021 · cfefcee · cfefcee
1 parent 491a898
commit cfefcee
Show file tree

Hide file tree

Showing 5 changed files with 58 additions and 68 deletions.
diff --git a/cmd/executor/cmd/root.go b/cmd/executor/cmd/root.go
@@ -87,9 +87,8 @@ var RootCmd = &cobra.Command{
 				return errors.New("You must provide --destination if setting ImageNameTagDigestFile")
 			}
 			// Update ignored paths
-			util.UpdateInitialIgnoreList(opts.IgnoreVarRun)
 			for _, p := range opts.IgnorePaths {
-				util.AddToBaseIgnoreList(util.IgnoreListEntry{
+				util.AddToDefaultIgnoreList(util.IgnoreListEntry{
 					Path:            p,
 					PrefixMatchOnly: false,
 				})

diff --git a/pkg/executor/build.go b/pkg/executor/build.go
@@ -98,6 +98,11 @@ func newStageBuilder(opts *config.KanikoOptions, stage config.KanikoStage, cross
 		return nil, err
 	}
 
+	err = util.InitIgnoreList(true, opts.IgnoreVarRun)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to initialize ignore list")
+	}
+
 	hasher, err := getHasher(opts.SnapshotMode)
 	if err != nil {
 		return nil, err
@@ -311,10 +316,6 @@ func (s *stageBuilder) build() error {
 		logrus.Info("Skipping unpacking as no commands require it.")
 	}
 
-	if err := util.DetectFilesystemIgnoreList(config.IgnoreListPath); err != nil {
-		return errors.Wrap(err, "failed to check filesystem mount paths")
-	}
-
 	initSnapshotTaken := false
 	if s.opts.SingleSnapshot || s.opts.RunV2 {
 		if err := s.initSnapshotWithTimings(); err != nil {

diff --git a/pkg/filesystem/resolve.go b/pkg/filesystem/resolve.go
@@ -74,6 +74,9 @@ func ResolvePaths(paths []string, wl []util.IgnoreListEntry) (pathsToAdd []strin
 			logrus.Debugf("symlink path %s, target does not exist", f)
 			continue
 		}
+		if f != evaled {
+			logrus.Debugf("resolved symlink %s to %s", f, evaled)
+		}
 
 		// If the given path is a symlink and the target is part of the ignorelist
 		// ignore the target

diff --git a/pkg/util/fs_util.go b/pkg/util/fs_util.go
@@ -74,8 +74,7 @@ var defaultIgnoreList = []IgnoreListEntry{
 	},
 }
 
-var baseIgnoreList = defaultIgnoreList
-var ignorelist = baseIgnoreList
+var ignorelist = append([]IgnoreListEntry{}, defaultIgnoreList...)
 
 var volumes = []string{}
 
@@ -101,8 +100,8 @@ func AddToIgnoreList(entry IgnoreListEntry) {
 	ignorelist = append(ignorelist, entry)
 }
 
-func AddToBaseIgnoreList(entry IgnoreListEntry) {
-	baseIgnoreList = append(baseIgnoreList, entry)
+func AddToDefaultIgnoreList(entry IgnoreListEntry) {
+	defaultIgnoreList = append(defaultIgnoreList, entry)
 }
 
 func IncludeWhiteout() FSOpt {
@@ -143,12 +142,6 @@ func GetFSFromLayers(root string, layers []v1.Layer, opts ...FSOpt) ([]string, e
 		return nil, errors.New("must supply an extract function")
 	}
 
-	if err := DetectFilesystemIgnoreList(config.IgnoreListPath); err != nil {
-		return nil, err
-	}
-
-	logrus.Debugf("Mounted directories: %v", ignorelist)
-
 	extractedFiles := []string{}
 	for i, l := range layers {
 		if mediaType, err := l.MediaType(); err == nil {
@@ -393,27 +386,18 @@ func ExtractFile(dest string, hdr *tar.Header, tr io.Reader) error {
 	return nil
 }
 
-func IsInIgnoreList(path string) bool {
-	return IsInProvidedIgnoreList(path, ignorelist)
-}
-
 func IsInProvidedIgnoreList(path string, wl []IgnoreListEntry) bool {
-	for _, entry := range wl {
-		if !entry.PrefixMatchOnly && path == entry.Path {
+	for _, wl := range wl {
+		if HasFilepathPrefix(path, wl.Path, wl.PrefixMatchOnly) {
 			return true
 		}
 	}
+
 	return false
 }
 
 func CheckIgnoreList(path string) bool {
-	for _, wl := range ignorelist {
-		if HasFilepathPrefix(path, wl.Path, wl.PrefixMatchOnly) {
-			return true
-		}
-	}
-
-	return false
+	return IsInProvidedIgnoreList(path, ignorelist)
 }
 
 func checkIgnoreListRoot(root string) bool {
@@ -430,7 +414,7 @@ func checkIgnoreListRoot(root string) bool {
 // Where (5) is the mount point relative to the process's root
 // From: https://www.kernel.org/doc/Documentation/filesystems/proc.txt
 func DetectFilesystemIgnoreList(path string) error {
-	ignorelist = baseIgnoreList
+	logrus.Trace("Detecting filesystem ignore list")
 	volumes = []string{}
 	f, err := os.Open(path)
 	if err != nil {
@@ -453,7 +437,7 @@ func DetectFilesystemIgnoreList(path string) error {
 			continue
 		}
 		if lineArr[4] != config.RootDir {
-			logrus.Tracef("Appending %s from line: %s", lineArr[4], line)
+			logrus.Tracef("Adding ignore list entry %s from line: %s", lineArr[4], line)
 			ignorelist = append(ignorelist, IgnoreListEntry{
 				Path:            lineArr[4],
 				PrefixMatchOnly: false,
@@ -909,19 +893,31 @@ func createParentDirectory(path string) error {
 	return nil
 }
 
-// UpdateInitialIgnoreList will add /var/run to ignored paths if
-func UpdateInitialIgnoreList(ignoreVarRun bool) {
-	if !ignoreVarRun {
-		return
-	}
-	logrus.Trace("Adding /var/run to initialIgnoreList ")
-	baseIgnoreList = append(baseIgnoreList, IgnoreListEntry{
-		// /var/run is a special case. It's common to mount in /var/run/docker.sock or something similar
-		// which leads to a special mount on the /var/run/docker.sock file itself, but the directory to exist
-		// in the image with no way to tell if it came from the base image or not.
-		Path:            "/var/run",
-		PrefixMatchOnly: false,
-	})
+// InitIgnoreList will initialize the ignore list using:
+// - defaultIgnoreList
+// - mounted paths via DetectFilesystemIgnoreList()
+// - also adds /var/run if requested. This is a special case. It's common to mount in /var/run/docker.sock
+//   or something similar which leads to a special mount on the /var/run/docker.sock file itself, but the directory to exist
+//   in the image with no way to tell if it came from the base image or not.
+func InitIgnoreList(detectFilesystem, ignoreVarRun bool) error {
+	logrus.Trace("Initializing ignore list")
+	ignorelist = append([]IgnoreListEntry{}, defaultIgnoreList...)
+
+	if detectFilesystem {
+		if err := DetectFilesystemIgnoreList(config.IgnoreListPath); err != nil {
+			return errors.Wrap(err, "checking filesystem mount paths for ignore list")
+		}
+	}
+
+	if ignoreVarRun {
+		logrus.Trace("Adding /var/run to ignore list")
+		ignorelist = append(ignorelist, IgnoreListEntry{
+			Path:            "/var/run",
+			PrefixMatchOnly: false,
+		})
+	}
+
+	return nil
 }
 
 type walkFSResult struct {
@@ -968,7 +964,7 @@ func gowalkDir(dir string, existingPaths map[string]struct{}, changeFunc func(st
 	godirwalk.Walk(dir, &godirwalk.Options{
 		Callback: func(path string, ent *godirwalk.Dirent) error {
 			logrus.Tracef("Analyzing path %s", path)
-			if IsInIgnoreList(path) {
+			if CheckIgnoreList(path) {
 				if IsDestDir(path) {
 					logrus.Tracef("Skipping paths under %s, as it is a ignored directory", path)
 					return filepath.SkipDir
@@ -996,7 +992,7 @@ func GetFSInfoMap(dir string, existing map[string]os.FileInfo) (map[string]os.Fi
 	timer := timing.Start("Walking filesystem with Stat")
 	godirwalk.Walk(dir, &godirwalk.Options{
 		Callback: func(path string, ent *godirwalk.Dirent) error {
-			if IsInIgnoreList(path) {
+			if CheckIgnoreList(path) {
 				if IsDestDir(path) {
 					logrus.Tracef("Skipping paths under %s, as it is a ignored directory", path)
 					return filepath.SkipDir

diff --git a/pkg/util/fs_util_test.go b/pkg/util/fs_util_test.go
@@ -79,27 +79,16 @@ func Test_DetectFilesystemSkiplist(t *testing.T) {
 }
 
 func Test_AddToIgnoreList(t *testing.T) {
-	AddToIgnoreList(IgnoreListEntry{
-		Path:            "/tmp",
-		PrefixMatchOnly: false,
-	})
-
-	if !CheckIgnoreList("/tmp") {
-		t.Errorf("CheckIgnoreList() = %v, want %v", false, true)
-	}
-}
-
-func Test_AddToBaseIgnoreList(t *testing.T) {
 	t.Cleanup(func() {
-		baseIgnoreList = defaultIgnoreList
+		ignorelist = append([]IgnoreListEntry{}, defaultIgnoreList...)
 	})
 
-	AddToBaseIgnoreList(IgnoreListEntry{
+	AddToIgnoreList(IgnoreListEntry{
 		Path:            "/tmp",
 		PrefixMatchOnly: false,
 	})
 
-	if !IsInProvidedIgnoreList("/tmp", baseIgnoreList) {
+	if !CheckIgnoreList("/tmp") {
 		t.Errorf("CheckIgnoreList() = %v, want %v", false, true)
 	}
 }
@@ -1349,7 +1338,7 @@ func TestUpdateSkiplist(t *testing.T) {
 		expected   []IgnoreListEntry
 	}{
 		{
-			name:       "var/run ignored",
+			name:       "/var/run ignored",
 			skipVarRun: true,
 			expected: []IgnoreListEntry{
 				{
@@ -1371,7 +1360,7 @@ func TestUpdateSkiplist(t *testing.T) {
 			},
 		},
 		{
-			name: "var/run not ignored",
+			name: "/var/run not ignored",
 			expected: []IgnoreListEntry{
 				{
 					Path:            "/kaniko",
@@ -1390,16 +1379,18 @@ func TestUpdateSkiplist(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			original := baseIgnoreList
-			defer func() { baseIgnoreList = original }()
-			UpdateInitialIgnoreList(tt.skipVarRun)
+			original := append([]IgnoreListEntry{}, ignorelist...)
+			defer func() { ignorelist = original }()
+
+			err := InitIgnoreList(false, tt.skipVarRun)
+			testutil.CheckNoError(t, err)
 			sort.Slice(tt.expected, func(i, j int) bool {
 				return tt.expected[i].Path < tt.expected[j].Path
 			})
-			sort.Slice(baseIgnoreList, func(i, j int) bool {
-				return baseIgnoreList[i].Path < baseIgnoreList[j].Path
+			sort.Slice(ignorelist, func(i, j int) bool {
+				return ignorelist[i].Path < ignorelist[j].Path
 			})
-			testutil.CheckDeepEqual(t, tt.expected, baseIgnoreList)
+			testutil.CheckDeepEqual(t, tt.expected, ignorelist)
 		})
 	}
 }