Preserve uid/gid best-effort during tar extraction

Add bestEffortLchown() that calls os.Lchown after extracting each tar
entry (dirs, files, symlinks, hardlinks). When running as non-root,
EPERM is silently ignored so extraction still succeeds. This fixes
rootfs ownership issues where all files inherited the extracting
user's uid/gid instead of preserving tar header values.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: JAORMX

image/pull.go

@@ -316,8 +316,13 @@ func extractTarEntry(tr *tar.Reader, hdr *tar.Header, target, rootDir string) er
 			"name", hdr.Name,
 			"type", hdr.Typeflag,
 		)
+		return nil
 	}
 
+	// Best-effort ownership preservation from tar headers.
+	// When running as non-root, Lchown will fail with EPERM — that's fine.
+	bestEffortLchown(target, hdr.Uid, hdr.Gid)
+
 	return nil
 }
 
@@ -399,6 +404,16 @@ func extractSymlink(hdr *tar.Header, target, rootDir string) error {
 	return nil
 }
 
+// bestEffortLchown attempts to set uid/gid on a path without following symlinks.
+// It silently ignores EPERM (non-root can't chown) and logs other errors at debug level.
+func bestEffortLchown(path string, uid, gid int) {
+	if err := os.Lchown(path, uid, gid); err != nil {
+		if !os.IsPermission(err) {
+			slog.Debug("lchown failed", "path", path, "uid", uid, "gid", gid, "err", err)
+		}
+	}
+}
+
 // extractHardlink creates a hard link, validating that both source and target
 // remain within the rootfs directory.
 func extractHardlink(hdr *tar.Header, target, rootDir string) error {

image/pull_test.go

@@ -12,6 +12,7 @@ import (
 	"os"
 	"path/filepath"
 	"strings"
+	"syscall"
 	"testing"
 
 	v1 "github.com/google/go-containerregistry/pkg/v1"
@@ -103,6 +104,8 @@ func createTarBuffer(t *testing.T, entries []tarEntry) *bytes.Buffer {
 			Mode:     e.mode,
 			Size:     int64(len(e.content)),
 			Linkname: e.linkname,
+			Uid:      e.uid,
+			Gid:      e.gid,
 		}
 
 		err := tw.WriteHeader(hdr)
@@ -126,6 +129,8 @@ type tarEntry struct {
 	mode     int64
 	content  string
 	linkname string
+	uid      int
+	gid      int
 }
 
 func TestExtractTar_DirectoriesAndFiles(t *testing.T) {
@@ -309,6 +314,73 @@ func TestExtractTar_SkipsPathTraversal(t *testing.T) {
 	assert.Equal(t, "good content", string(data))
 }
 
+func TestExtractTar_PreservesOwnershipBestEffort(t *testing.T) {
+	t.Parallel()
+
+	entries := []tarEntry{
+		{
+			name:     "root-owned/",
+			typeflag: tar.TypeDir,
+			mode:     0o755,
+			uid:      0,
+			gid:      0,
+		},
+		{
+			name:     "root-owned/file.txt",
+			typeflag: tar.TypeReg,
+			mode:     0o644,
+			content:  "owned by root",
+			uid:      0,
+			gid:      0,
+		},
+		{
+			name:     "user-owned/",
+			typeflag: tar.TypeDir,
+			mode:     0o755,
+			uid:      1000,
+			gid:      1000,
+		},
+		{
+			name:     "user-owned/file.txt",
+			typeflag: tar.TypeReg,
+			mode:     0o644,
+			content:  "owned by user",
+			uid:      1000,
+			gid:      1000,
+		},
+	}
+
+	buf := createTarBuffer(t, entries)
+	dst := t.TempDir()
+
+	err := extractTar(buf, dst)
+	require.NoError(t, err)
+
+	// Verify files were extracted regardless of uid/gid.
+	data, err := os.ReadFile(filepath.Join(dst, "root-owned", "file.txt"))
+	require.NoError(t, err)
+	assert.Equal(t, "owned by root", string(data))
+
+	data, err = os.ReadFile(filepath.Join(dst, "user-owned", "file.txt"))
+	require.NoError(t, err)
+	assert.Equal(t, "owned by user", string(data))
+
+	// When running as root, verify ownership is actually preserved.
+	if os.Geteuid() == 0 {
+		info, err := os.Lstat(filepath.Join(dst, "root-owned", "file.txt"))
+		require.NoError(t, err)
+		stat := info.Sys().(*syscall.Stat_t)
+		assert.Equal(t, uint32(0), stat.Uid)
+		assert.Equal(t, uint32(0), stat.Gid)
+
+		info, err = os.Lstat(filepath.Join(dst, "user-owned", "file.txt"))
+		require.NoError(t, err)
+		stat = info.Sys().(*syscall.Stat_t)
+		assert.Equal(t, uint32(1000), stat.Uid)
+		assert.Equal(t, uint32(1000), stat.Gid)
+	}
+}
+
 // mockFetcher is a test double for ImageFetcher.
 type mockFetcher struct {
 	img v1.Image