Skip setting xattrs when running as non-root

AkihiroSuda · AkihiroSuda · commit 6e86a8399274 · 2024-08-16T11:23:13.000+09:00
To fix:
```
ERRO[0022] field "Layers[10]": failed to load layer (input-0): failed to setxattr "/tmp/r/93992c935cd0c3a219bf8a33e3c4fdd8bff42d4fd51a0067edcc68dc8596935b/diff/input-0/layers-10/usr/bin/newgidmap"
for key "security.capability": operation not permitted
```

Signed-off-by: Akihiro Suda &lt;akihiro.suda.cz@hco.ntt.co.jp&gt;
diff --git a/pkg/diff/diff.go b/pkg/diff/diff.go
@@ -10,6 +10,7 @@ import (
 	"os"
 	"path"
 	"path/filepath"
+	"runtime"
 	"slices"
 	"sort"
 	"strconv"
@@ -700,6 +701,20 @@ func (d *differ) loadLayer(ctx context.Context, node *EventTreeNode, inputIdx in
 			hdr.Name = strings.TrimPrefix(hdr.Name, "/")
 			hdr.Name = strings.TrimPrefix(hdr.Name, "./")
 		}
+		if os.Geteuid() != 0 && runtime.GOOS == "linux" {
+			for k := range hdr.Xattrs {
+				if strings.HasPrefix(k, "security.") {
+					log.G(ctx).Debugf("Ignoring xattr %q", k)
+					delete(hdr.Xattrs, k)
+				}
+			}
+			for k := range hdr.PAXRecords {
+				if strings.HasPrefix(k, "SCHILY.xattr.security.") {
+					log.G(ctx).Debugf("Ignoring PAX record %q", k)
+					delete(hdr.PAXRecords, k)
+				}
+			}
+		}
 		res.entries++
 		ent := &TarEntry{
 			Index:  i,
