[lxc-devel] [lxd/master] Don't specify mode for intermediate directories created with `push -p`
albertodonato on Github
lxc-bot at linuxcontainers.org
Fri Jun 30 16:24:27 UTC 2017
From 610ae92a7563b5ba5d41f0e4c1671e6835e6fc86 Mon Sep 17 00:00:00 2001
From: Alberto Donato <alberto.donato at canonical.com>
Date: Fri, 30 Jun 2017 16:11:18 +0200
Subject: [PATCH] Don't specify mode for intermediate directories created with
`push -p`
Signed-off-by: Alberto Donato <alberto.donato at canonical.com>
---
lxc/file.go | 20 ++++++++++----------
lxd/container_lxc.go | 7 ++++++-
lxd/main.go | 2 +-
test/suites/filemanip.sh | 10 ++++++++++
4 files changed, 27 insertions(+), 12 deletions(-)
diff --git a/lxc/file.go b/lxc/file.go
index fbe09a9ee..52cc12ce4 100644
--- a/lxc/file.go
+++ b/lxc/file.go
@@ -164,7 +164,7 @@ func (c *fileCmd) recursivePushFile(d lxd.ContainerServer, container string, sou
return filepath.Walk(source, sendFile)
}
-func (c *fileCmd) recursiveMkdir(d lxd.ContainerServer, container string, p string, mode os.FileMode, uid int64, gid int64) error {
+func (c *fileCmd) recursiveMkdir(d lxd.ContainerServer, container string, p string, mode *os.FileMode, uid int64, gid int64) error {
/* special case, every container has a /, we don't need to do anything */
if p == "/" {
return nil
@@ -197,10 +197,14 @@ func (c *fileCmd) recursiveMkdir(d lxd.ContainerServer, container string, p stri
continue
}
+ modeArg := -1
+ if mode != nil {
+ modeArg = int(mode.Perm())
+ }
args := lxd.ContainerFileArgs{
UID: uid,
GID: gid,
- Mode: int(mode.Perm()),
+ Mode: modeArg,
Type: "directory",
}
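Review bot: The `-1` assigned to `modeArg` is an undocumented sentinel, and nothing on `recursiveMkdir` says what a nil `mode` means for the directories it creates. Presumably the client API treats a negative `Mode` as "not specified" so that the server picks its own default, but that contract is not visible in this hunk and should be confirmed. I would add a doc comment on the function such as `// recursiveMkdir creates p and any missing parents; a nil mode leaves the permission choice to the server.` and a short comment beside `modeArg := -1`. The function body starts and ends outside the hunk.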
@@ -286,7 +290,7 @@ func (c *fileCmd) push(conf *config.Config, send_file_perms bool, args []string)
mode, uid, gid := shared.GetOwnerMode(finfo)
- err = c.recursiveMkdir(d, container, targetPath, mode, int64(uid), int64(gid))
+ err = c.recursiveMkdir(d, container, targetPath, &mode, int64(uid), int64(gid))
if err != nil {
return err
}
@@ -346,12 +350,8 @@ func (c *fileCmd) push(conf *config.Config, send_file_perms bool, args []string)
return err
}
- if c.mode == "" || c.uid == -1 || c.gid == -1 {
- dMode, dUid, dGid := shared.GetOwnerMode(finfo)
- if c.mode == "" {
- mode = dMode
- }
-
+ _, dUid, dGid := shared.GetOwnerMode(finfo)
+ if c.uid == -1 || c.gid == -1 {
if c.uid == -1 {
uid = dUid
}
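Review bot: The outer `if c.uid == -1 || c.gid == -1 {` is now redundant, since the only statements it guards are the two inner checks on the same fields, and `shared.GetOwnerMode(finfo)` already runs unconditionally above it. Dropping the wrapper and keeping just `if c.uid == -1 { uid = dUid }` and the matching gid check reads more directly. Separately, removing `mode = dMode` means `mode` is no longer defaulted from the source file at this point when `--mode` is absent. The rest of `push` is outside the hunk, so it is worth confirming that the later file upload derives its own mode and does not rely on this assignment.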
@@ -361,7 +361,7 @@ func (c *fileCmd) push(conf *config.Config, send_file_perms bool, args []string)
}
}
- err = c.recursiveMkdir(d, container, path.Dir(fpath), mode, int64(uid), int64(gid))
+ err = c.recursiveMkdir(d, container, path.Dir(fpath), nil, int64(uid), int64(gid))
if err != nil {
return err
}
diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 4350fe6c1..46ce11030 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -4750,6 +4750,11 @@ func (c *containerLXC) FilePush(srcpath string, dstpath string, uid int64, gid i
}
}
+ defaultMode := 0640
+ if srcpath == "" {
+ defaultMode = 0750
+ }
+
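Review bot: The new `defaultMode` block relies on two unexplained conventions: an empty `srcpath` apparently stands for "create a directory", and `0640` and `0750` are bare literals. Because this value decides the permissions of anything pushed without an explicit mode, the intent deserves a comment, for example `// No source file means a directory is being created; it needs the execute bit to be traversable, hence 0750 rather than 0640.` Named constants for the two defaults would also make the later `os.FileMode(defaultMode)&os.ModePerm` argument in the next hunk easier to audit. `FilePush` starts and ends outside the hunk, so the directory meaning of `srcpath == ""` is inferred rather than shown.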
// Push the file to the container
out, err := shared.RunCommand(
execPath,
@@ -4763,7 +4768,7 @@ func (c *containerLXC) FilePush(srcpath string, dstpath string, uid int64, gid i
fmt.Sprintf("%d", mode),
fmt.Sprintf("%d", rootUid),
fmt.Sprintf("%d", rootGid),
- fmt.Sprintf("%d", int(os.FileMode(0640)&os.ModePerm)),
+ fmt.Sprintf("%d", int(os.FileMode(defaultMode)&os.ModePerm)),
write,
)
diff --git a/lxd/main.go b/lxd/main.go
index fe965a9ed..b8b92c136 100644
--- a/lxd/main.go
+++ b/lxd/main.go
@@ -198,7 +198,7 @@ func run() error {
// Process sub-commands
if len(os.Args) > 1 {
- // "forkputfile", "forkgetfile", "forkmount" and "forkumount" are handled specially in nsexec.go
+ // "forkputfile", "forkgetfile", "forkmount" and "forkumount" are handled specially in main_nsexec.go
// "forkgetnet" is partially handled in nsexec.go (setns)
switch os.Args[1] {
// Main commands
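Review bot: The comment on the line directly below the changed one still says `nsexec.go` for "forkgetnet", so the two adjacent comments now name different files. If the file was renamed, the second line should follow: `// "forkgetnet" is partially handled in main_nsexec.go (setns)`.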
diff --git a/test/suites/filemanip.sh b/test/suites/filemanip.sh
index 9edcc255f..1eb6f2847 100644
--- a/test/suites/filemanip.sh
+++ b/test/suites/filemanip.sh
@@ -34,6 +34,16 @@ test_filemanip() {
lxc exec filemanip -- rm -rf /tmp/ptest/source
+ # Check that file permissions are not applied to intermediate directories
+
+ lxc file push -p --mode=400 "${TEST_DIR}"/source/foo \
+ filemanip/tmp/ptest/d1/d2/foo
+
+ [ "$(lxc exec filemanip -- stat -c "%a" /tmp/ptest/d1)" = "750" ]
+ [ "$(lxc exec filemanip -- stat -c "%a" /tmp/ptest/d1/d2)" = "750" ]
+
+ lxc exec filemanip -- rm -rf /tmp/ptest/d1
+
# Special case where we are in the same directory as the one we are currently
# created.
oldcwd=$(pwd)
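Review bot: The new test asserts the mode of `d1` and `d1/d2` but never checks that the pushed file itself received the requested `--mode=400`. A regression where the file silently falls back to a default mode would therefore pass. Adding `[ "$(lxc exec filemanip -- stat -c "%a" /tmp/ptest/d1/d2/foo)" = "400" ]` before the cleanup would pin both halves of the behaviour. A `stat -c "%u:%g"` check on the intermediate directories would likewise confirm which owner they are created with.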