
bug: tar extract with overlayfs whiteout

Open rchincha opened this issue 1 year ago • 1 comments

If the tar contents are

/a/.wh.b
/a/b/c/d

and we use a tar extractor with the overlayfs whiteout option (assuming I want to overlayfs the unpacked layers), then at https://github.com/opencontainers/umoci/blob/main/oci/layer/tar_extract.go#L490 a mknod happens when /a/.wh.b is encountered.

However, when /a/b/c/d is encountered, we cannot really do a mkdir /a/b/c/ at https://github.com/opencontainers/umoci/blob/main/oci/layer/tar_extract.go#L513 since /a/b is a non-dir entry.

There are two ways to fix this:

  1. on a /a/.wh.b, just remove that entry completely (rm -rf /a/b) and proceed
  2. set trusted.overlay.opaque=y for /a/b and proceed ... basically force this https://github.com/opencontainers/umoci/blob/main/oci/layer/tar_extract.go#L369

@cyphar Thoughts?

rchincha avatar May 30 '24 18:05 rchincha

+++ b/oci/layer/tar_extract.go
@@ -380,7 +380,9 @@ func (te *TarExtractor) overlayFSWhiteout(dir string, file string) error {

-       err := te.fsEval.Mknod(p, unix.S_IFCHR|0666, unix.Mkdev(0, 0))
+       err := te.fsEval.Lsetxattr(dir, "user.overlay.opaque", []byte("y"), 0)
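
Review bot: the replacement Lsetxattr call is made on `dir`, the parent directory, rather than on `p`, so it marks the whole parent as opaque instead of hiding only `file`, and nothing is created at `p` any more. The issue text proposes the opaque attribute for /a/b itself, so the target should be the whited-out entry, created as a directory first. The attribute name here is "user.overlay.opaque" while the issue text says trusted.overlay.opaque; a comment stating which namespace is intended, and why, would help.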

rchincha avatar May 30 '24 20:05 rchincha

This is actually a more generic issue -- if you have a tar archive with

a/b = not a directory
a/b/c/d = some file

You will get the same error with umoci. It's just that you can now encounter this with more standard archives. The solution is to simply do a RemoveAll once you find the offending non-directory.

cyphar avatar Apr 27 '25 17:04 cyphar
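
The fix suggested in the comment above (a RemoveAll on the offending non-directory before creating parents), sketched as an added example that is not umoci's code. `ensureParentDirs` is a hypothetical helper, and a regular file stands in for the whiteout device in the demo because mknod needs privileges.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ensureParentDirs (hypothetical, not umoci's API) makes every parent component
// of rel a real directory under root. A component that exists as anything else
// (regular file, whiteout device, symlink) is removed first, so creating the
// parents cannot fail with ENOTDIR. It returns the paths it removed.
func ensureParentDirs(root, rel string) ([]string, error) {
	var removed []string
	clean := filepath.Clean("/" + rel) // anchor at "/" so ".." cannot climb out of root
	parts := strings.FieldsFunc(filepath.Dir(clean), func(r rune) bool { return r == '/' })
	cur := root
	for _, part := range parts {
		cur = filepath.Join(cur, part)
		fi, err := os.Lstat(cur) // Lstat: never follow a symlink component
		switch {
		case os.IsNotExist(err): // nothing there yet; created below
		case err != nil:
			return removed, err
		case fi.IsDir():
			continue
		default:
			if err := os.RemoveAll(cur); err != nil {
				return removed, err
			}
			removed = append(removed, cur)
		}
		if err := os.Mkdir(cur, 0o755); err != nil {
			return removed, err
		}
	}
	return removed, nil
}

func main() {
	root, _ := os.MkdirTemp("", "layer")
	defer os.RemoveAll(root)
	os.Mkdir(filepath.Join(root, "a"), 0o755)
	// Constructed input: a/b exists as a non-directory, then a/b/c/d arrives.
	os.WriteFile(filepath.Join(root, "a", "b"), nil, 0o644)
	removed, err := ensureParentDirs(root, "a/b/c/d")
	fmt.Println(removed, err)
}
```

Because each component is checked with Lstat, a symlink in the path is replaced by a directory instead of being followed, which keeps the created parents inside the extraction root.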