mirror of https://github.com/k3s-io/k3s
44bed94f0e
`kubectl cp` relies on tar to extract the copied file/directory in the container, tar by default attempts to chown/chmod the extracted file after extraction if the user is the "superuser"(root) ``` --same-owner try extracting files with the same ownership as exists in the archive (default for superuser) -p, --preserve-permissions, --same-permissions extract information about file permissions (default for superuser) ``` This fails in environment where the container runs as root but is not granted the OWNER or CHOWN capability. Before this patch below was the behavior of `kubectl cp` ``` kubectl cp README.md foo-67b6fcbd4c-qjlt6:/tmp tar: README.md: Cannot change ownership to uid 1000, gid 1000: Operation not permitted tar: Exiting with failure status due to previous errors command terminated with exit code 2 kubectl exec -it foo-67b6fcbd4c-qjlt6 -- ls -l /tmp/README.md -rw------- 1 1000 1000 3179 Oct 7 22:00 /tmp/README.md ``` After this patch ``` kubectl cp -x a foo-67b6fcbd4c-qjlt6:/ kubectl exec -it foo-67b6fcbd4c-qjlt6 -- ls -l /tmp/README.md -rw-r--r-- 1 root root 3179 Oct 7 22:00 /tmp/README.md ``` |
||
|---|---|---|
| .. | ||
| api | ||
| apis | ||
| auth | ||
| capabilities | ||
| client | ||
| cloudprovider | ||
| controller | ||
| credentialprovider | ||
| features | ||
| fieldpath | ||
| generated | ||
| kubeapiserver | ||
| kubectl | ||
| kubelet | ||
| kubemark | ||
| master | ||
| printers | ||
| probe | ||
| proxy | ||
| quota | ||
| registry | ||
| routes | ||
| scheduler | ||
| security | ||
| securitycontext | ||
| serviceaccount | ||
| ssh | ||
| util | ||
| version | ||
| volume | ||
| watch/json | ||
| windows/service | ||
| .import-restrictions | ||
| BUILD | ||
| OWNERS | ||