Commit 533bf95d1ed4e9b90289ae6521ba1fda8597fd71 - golang-github-containers-buildah

chroot: create bind mount targets 0755 instead of 0700 Create the target mountpoints for bind mounts, when they don't already exist, with 0755 permissions, for better consistency with runc. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Nalin Dahyabhai 3 years ago

1 changed file(s) with 6 addition(s) and 6 deletion(s). Raw diff Collapse all Expand all

-6

chroot/run.go less more

1046	1046	subDev := filepath.Join(spec.Root.Path, "/dev")
1047	1047	if err := unix.Mount("/dev", subDev, "bind", devFlags, ""); err != nil {
1048	1048	if os.IsNotExist(err) {
1049		err = os.Mkdir(subDev, 0700)
	1049	err = os.Mkdir(subDev, 0755)
1050	1050	if err == nil {
1051	1051	err = unix.Mount("/dev", subDev, "bind", devFlags, "")
1052	1052	}

1070	1070	subProc := filepath.Join(spec.Root.Path, "/proc")
1071	1071	if err := unix.Mount("/proc", subProc, "bind", procFlags, ""); err != nil {
1072	1072	if os.IsNotExist(err) {
1073		err = os.Mkdir(subProc, 0700)
	1073	err = os.Mkdir(subProc, 0755)
1074	1074	if err == nil {
1075	1075	err = unix.Mount("/proc", subProc, "bind", procFlags, "")
1076	1076	}

1085	1085	subSys := filepath.Join(spec.Root.Path, "/sys")
1086	1086	if err := unix.Mount("/sys", subSys, "bind", sysFlags, ""); err != nil {
1087	1087	if os.IsNotExist(err) {
1088		err = os.Mkdir(subSys, 0700)
	1088	err = os.Mkdir(subSys, 0755)
1089	1089	if err == nil {
1090	1090	err = unix.Mount("/sys", subSys, "bind", sysFlags, "")
1091	1091	}

1162	1162	}
1163	1163	// The target isn't there yet, so create it.
1164	1164	if srcinfo.IsDir() {
1165		if err = os.MkdirAll(target, 0111); err != nil {
	1165	if err = os.MkdirAll(target, 0755); err != nil {
1166	1166	return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target)
1167	1167	}
1168	1168	} else {
1169		if err = os.MkdirAll(filepath.Dir(target), 0111); err != nil {
	1169	if err = os.MkdirAll(filepath.Dir(target), 0755); err != nil {
1170	1170	return undoBinds, errors.Wrapf(err, "error ensuring parent of mountpoint %q (%q) is present in mount namespace", target, filepath.Dir(target))
1171	1171	}
1172	1172	var file *os.File
1173		if file, err = os.OpenFile(target, os.O_WRONLY\|os.O_CREATE, 0); err != nil {
	1173	if file, err = os.OpenFile(target, os.O_WRONLY\|os.O_CREATE, 0755); err != nil {
1174	1174	return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target)
1175	1175	}
1176	1176	file.Close()