[lxc-devel] [lxd/stable-2.0] storage: ensure the container directory has the right permission

[CodeJuan on Github]

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 545 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20170326/55137ccd/attachment.bin>
-------------- next part --------------
From e993128d518b84ba8c590dd98fa8f7a7fd636826 Mon Sep 17 00:00:00 2001
From: codejuan <xh at decbug.com>
Date: Sun, 26 Mar 2017 11:12:10 +0800
Subject: [PATCH] storage: ensure the container directory has the right
 permission

When the container directory was created by other application(such as nova-lxd), the
container directory maybe has the wrong perrmissions, so chmod 755 to ensure the directory has the right permission

Signed-off-by: codejuan <xh at decbug.com>
---
 lxd/storage_dir.go | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/lxd/storage_dir.go b/lxd/storage_dir.go
index c8dac4d..e938a05 100644
--- a/lxd/storage_dir.go
+++ b/lxd/storage_dir.go
@@ -36,10 +36,15 @@ func (s *storageDir) ContainerCreate(container container) error {
 		return fmt.Errorf("Error creating containers directory")
 	}
 
+	var mode os.FileMode
 	if container.IsPrivileged() {
-		if err := os.Chmod(cPath, 0700); err != nil {
-			return err
-		}
+		mode = 0700
+	} else {
+		mode = 0755
+	}
+
+	if err := os.Chmod(cPath, mode); err != nil {
+		return err
 	}
 
 	return container.TemplateApply("create")
@@ -53,10 +58,15 @@ func (s *storageDir) ContainerCreateFromImage(
 		return fmt.Errorf("Error creating rootfs directory")
 	}
 
+	var mode os.FileMode
 	if container.IsPrivileged() {
-		if err := os.Chmod(container.Path(), 0700); err != nil {
-			return err
-		}
+		mode = 0700
+	} else {
+		mode = 0755
+	}
+
+	if err := os.Chmod(container.Path(), mode); err != nil {
+		return err
 	}
 
 	imagePath := shared.VarPath("images", imageFingerprint)