[lxc-devel] RFC - umask

Serge Hallyn serge.hallyn at ubuntu.com
Thu Sep 11 16:06:48 UTC 2014


Thanks - I don't think that's what we want though, as the containers
will often be a different distro which will have its own idea of a
sane umask.

My question specifically was, when we create ~/.local/share/lxc/c2
to host container c2, how should we ensure that the permissions are
such that we can actually start the container later.  Right now we
do nothing, so you may end up unable to start the container.

Quoting Jean-Tiare LE BIGOT (jean-tiare.le-bigot at ovh.net):
> Hi,
> 
> Maybe, we can consider umask as a user setting for the container itself.
> 
> In practice, we would then
>  1/ save current umask value
>  2/ set it to something known, decent, controlled for setup/api time
>  3/ restore it right before 'exec'ing container's 'init'
> 
> On 09/10/2014 10:06 PM, Serge Hallyn wrote:
> >Hi,
> >
> >so https://bugs.launchpad.net/bugs/1367730 points out another case where
> >running lxc under a tight umask can cause trouble for the containers.
> >How best to handle this?
> >
> >(1) We could ignore it.
> >
> >(2) We could detect too-tight umasks and warn.
> >
> >(3) We could set a desirable umask at the top of all api functions.
> >
> >(4) We could set the umask before any mkdir or create.
> >
> >(5) We could switch over to using our own custom mkdir and create which
> >do the umask for us.
> >
> >I'm tempted to go with 4, but am curious what others think.
> >
> >-serge
> >_______________________________________________
> >lxc-devel mailing list
> >lxc-devel at lists.linuxcontainers.org
> >http://lists.linuxcontainers.org/listinfo/lxc-devel
> >
> 
> -- 
> Jean-Tiare, shared-hosting team


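Options (4) and (5) from the thread, side by side, as an added example that is not LXC code and not from any poster: mkdir_umask applies the save/set/restore steps around a single mkdir, and mkdir_exact is a custom mkdir that leaves the umask alone and fixes the mode afterwards. The function names, the 0755 target mode and the 022 mask are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE                 /* for mkdtemp() */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Option (4) with save/set/restore: the mask changes only around the
 * mkdir. umask() is process-wide, so other threads see it meanwhile. */
int mkdir_umask(const char *path, mode_t mode, mode_t mask)
{
	mode_t old = umask(mask);       /* save the caller's mask, set ours */
	int ret = mkdir(path, mode);
	umask(old);                     /* restore; umask() cannot fail */
	return ret;
}

/* Option (5): custom mkdir that leaves the umask alone. chmod() is not
 * filtered by the umask. Assumes only the user can write to the parent. */
int mkdir_exact(const char *path, mode_t mode)
{
	return mkdir(path, mode) < 0 ? -1 : chmod(path, mode);
}

/* Under umask `tight`, create a directory three ways in a fresh temp dir and
 * record the modes. Returns the umask in effect afterwards, or -1 on error. */
int demo(mode_t tight, mode_t want, mode_t out[3])
{
	char base[] = "/tmp/umask-demo-XXXXXX", path[64];
	struct stat st = {0};
	mode_t before = umask(tight), after;
	int i, ok = mkdtemp(base) != NULL;
	for (i = 0; ok && i < 3; i++) {
		snprintf(path, sizeof(path), "%s/d%d", base, i);
		ok = (i == 0 ? mkdir(path, want) : i == 1 ? mkdir_umask(path, want, 022)
		      : mkdir_exact(path, want)) == 0 && stat(path, &st) == 0;
		out[i] = st.st_mode & 0777;
		rmdir(path);
	}
	rmdir(base);
	after = umask(before);          /* read back what was left, restore */
	return ok ? (int)after : -1;
}

int main(void)
{
	mode_t m[3] = {0};
	int mask = demo(0077, 0755, m); /* 0077: a constructed "tight" umask */
	printf("mkdir %04o, option 4 %04o, option 5 %04o\n", (unsigned)m[0], (unsigned)m[1], (unsigned)m[2]);
	return mask < 0;
}
```

In both helpers the caller's umask is the same after the call as before it, so whatever the container's init later inherits is untouched.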