minikube preload tarballs need to preserve extended attributes such as capabilities #17804

@afbjorklund

The coredns version included with Kubernetes 1.29.0, that is coredns v1.11.1, now requires capabilities:

-ADD coredns /coredns
+COPY coredns /coredns
+RUN setcap cap_net_bind_service=+ep /coredns
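
Review bot: the `RUN setcap cap_net_bind_service=+ep /coredns` line stores the privilege as a file capability on the binary, which lives in an extended attribute and not in the file contents, so any later step that repacks `/coredns` without xattr support drops it silently and the failure only appears when the process tries to bind. Suggest a comment beside the `setcap` line stating that the capability is what allows listening on ports below 1024 and that it has to survive repackaging of the image contents.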

So when you run coredns from that image (in the preload), it does not have the capability to listen below 1024:

Listen: listen tcp :53: bind: permission denied

coredns/coredns@d21537f


We need to make sure to include the extended attributes in the tarball, and to extract them again (requires root):

--xattrs --xattrs-include=security.capability

Then the capabilities get included in the tarball, under a special header called "SCHILY.xattr.security.capability".

It requires a reasonably new tar version, like 1.27+.
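
One way to check, without root and without extracting anything, that a tarball carries the capability record described above (an added example, not code from the issue or from minikube). It reads the pax header named in the issue and decodes the kernel's `vfs_cap_data` layout; the helper names are hypothetical and `build_sample` constructs a stand-in tarball rather than a real preload.

```python
import io
import struct
import tarfile

XATTR_KEY = "SCHILY.xattr.security.capability"  # pax header named in the issue
CAP_NET_BIND_SERVICE = 10                        # bit number from linux/capability.h
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# Number of 32-bit (permitted, inheritable) pairs for each vfs_cap_data revision.
PAIRS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}


def decode_file_caps(raw: bytes):
    """Return (permitted_mask, effective_flag) from a little-endian vfs_cap_data blob."""
    (magic,) = struct.unpack_from("<I", raw, 0)
    permitted = 0
    for i in range(PAIRS.get(magic & 0xFF000000, 0)):  # unknown revision: no caps
        (low,) = struct.unpack_from("<I", raw, 4 + 8 * i)
        permitted |= low << (32 * i)
    return permitted, bool(magic & VFS_CAP_FLAGS_EFFECTIVE)


def members_with_capability(tar_bytes: bytes, cap: int = CAP_NET_BIND_SERVICE):
    """Map each regular file to True if it carries `cap` as permitted and effective."""
    result = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for member in tar:
            if not member.isfile():
                continue
            value = member.pax_headers.get(XATTR_KEY)
            ok = False
            if value is not None:
                # tarfile hands the binary xattr back as str; recover the raw bytes.
                permitted, effective = decode_file_caps(value.encode("utf-8", "surrogateescape"))
                ok = effective and bool(permitted >> cap & 1)
            result[member.name] = ok
    return result


def build_sample(with_xattr: bool) -> bytes:
    """Constructed sample: a one-file pax tarball, with or without the xattr record."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tar:
        info = tarfile.TarInfo("coredns")
        info.size = 4
        if with_xattr:
            # Revision 2, effective flag set, permitted bit 10: cap_net_bind_service=+ep
            blob = struct.pack("<5I", 0x02000001, 1 << CAP_NET_BIND_SERVICE, 0, 0, 0)
            info.pax_headers = {XATTR_KEY: blob.decode("utf-8")}
        tar.addfile(info, io.BytesIO(b"\x7fELF"))
    return buf.getvalue()
```

A file reported as `False` in a tarball built without `--xattrs` is the condition that produces the `bind: permission denied` error quoted above.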

Labels: priority/important-soon (Must be staffed and worked on either currently, or very soon, ideally in time for the next release.)
