From 07e3a516e4fe605541d8836a73c7e2a3163e2f11 Mon Sep 17 00:00:00 2001
From: Jacob McNamee <jacob@jacobmcnamee.com>
Date: Sun, 28 Jan 2024 12:57:24 -0800
Subject: [PATCH] lxc-download, lxc-local: preserve xattrs on unpack

Update tar invocation to preserve all xattrs when unpacking the rootfs,
notably retaining security.capability xattrs (e.g. for ping, newuidmap)

Note: bsdtar already preserves xattrs with -p

Signed-off-by: Jacob McNamee <jacob@jacobmcnamee.com>
---
 templates/lxc-download.in | 2 +-
 templates/lxc-local.in    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/lxc-download.in b/templates/lxc-download.in
index c6d741c6f7..75bff24279 100755
--- a/templates/lxc-download.in
+++ b/templates/lxc-download.in
@@ -414,7 +414,7 @@ fi
 if [ "${IS_BSD_TAR}" = "true" ]; then
   tar ${EXCLUDES} --numeric-owner -xpJf "${LXC_CACHE_PATH}/rootfs.tar.xz" -C "${LXC_ROOTFS}"
 else
-  tar  --anchored ${EXCLUDES} --numeric-owner -xpJf "${LXC_CACHE_PATH}/rootfs.tar.xz" -C "${LXC_ROOTFS}"
+  tar --anchored ${EXCLUDES} --numeric-owner --xattrs-include='*' -xpJf "${LXC_CACHE_PATH}/rootfs.tar.xz" -C "${LXC_ROOTFS}"
 fi
 
 mkdir -p "${LXC_ROOTFS}/dev/pts/"
diff --git a/templates/lxc-local.in b/templates/lxc-local.in
index fbabd306e7..673a02e154 100755
--- a/templates/lxc-local.in
+++ b/templates/lxc-local.in
@@ -338,7 +338,7 @@ unpack_rootfs() {
     echo "Excludes: ${EXCLUDES}"
   fi
 
-  tar --anchored ${EXCLUDES} --numeric-owner -xpJf "${LXC_FSTREE}" -C "${LXC_ROOTFS}"
+  tar --anchored ${EXCLUDES} --numeric-owner --xattrs-include='*' -xpJf "${LXC_FSTREE}" -C "${LXC_ROOTFS}"
 
   prepare_rootfs
 }