[lxc-devel] [lxd/master] zfs: fix folder permissions after dataset creation

[brauner on Github]

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 379 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20170520/6dc76446/attachment.bin>
-------------- next part --------------
From d705f0b280a7a6882eb5895bfa5597d437912bcf Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sat, 20 May 2017 11:48:57 +0200
Subject: [PATCH 1/2] storage utils: add permission helpers

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/storage_utils.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/lxd/storage_utils.go b/lxd/storage_utils.go
index f1426cd52..e7051737c 100644
--- a/lxd/storage_utils.go
+++ b/lxd/storage_utils.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"os"
 	"strings"
 	"syscall"
 	"time"
@@ -146,3 +147,13 @@ func storageConfigDiff(oldConfig map[string]string, newConfig map[string]string)
 
 	return changedConfig, userOnly
 }
+
+// Default permissions for folders in ${LXD_DIR}
+const containersDirMode os.FileMode = 0755
+const customDirMode os.FileMode = 0755
+const imagesDirMode os.FileMode = 0700
+const snapshotsDirMode os.FileMode = 0700
+
+// Driver permissions for driver specific folders in ${LXD_DIR}
+// zfs
+const deletedDirMode os.FileMode = 0700

From 533368aba845eadbd2e64ee8d86408cfcbb98b0e Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sat, 20 May 2017 11:49:10 +0200
Subject: [PATCH 2/2] zfs: fix folder permissions after dataset creation

Closes #3090.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/storage_zfs.go | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/lxd/storage_zfs.go b/lxd/storage_zfs.go
index 105494417..1ebedfea5 100644
--- a/lxd/storage_zfs.go
+++ b/lxd/storage_zfs.go
@@ -1806,6 +1806,12 @@ func (s *storageZfs) zfsPoolCreate() error {
 		return err
 	}
 
+	fixperms := shared.VarPath("storage-pools", s.pool.Name, "containers")
+	err = os.Chmod(fixperms, containersDirMode)
+	if err != nil {
+		logger.Warnf("failed to chmod \"%s\" to \"0%s\": %s", fixperms, strconv.FormatInt(int64(containersDirMode), 8), err)
+	}
+
 	err = s.zfsPoolVolumeCreate("images")
 	if err != nil {
 		return err
@@ -1816,6 +1822,12 @@ func (s *storageZfs) zfsPoolCreate() error {
 		return err
 	}
 
+	fixperms = shared.VarPath("storage-pools", s.pool.Name, "images")
+	err = os.Chmod(fixperms, imagesDirMode)
+	if err != nil {
+		logger.Warnf("failed to chmod \"%s\" to \"0%s\": %s", fixperms, strconv.FormatInt(int64(imagesDirMode), 8), err)
+	}
+
 	err = s.zfsPoolVolumeCreate("custom")
 	if err != nil {
 		return err
@@ -1826,6 +1838,12 @@ func (s *storageZfs) zfsPoolCreate() error {
 		return err
 	}
 
+	fixperms = shared.VarPath("storage-pools", s.pool.Name, "custom")
+	err = os.Chmod(fixperms, customDirMode)
+	if err != nil {
+		logger.Warnf("failed to chmod \"%s\" to \"0%s\": %s", fixperms, strconv.FormatInt(int64(customDirMode), 8), err)
+	}
+
 	err = s.zfsPoolVolumeCreate("deleted")
 	if err != nil {
 		return err
@@ -1836,6 +1854,12 @@ func (s *storageZfs) zfsPoolCreate() error {
 		return err
 	}
 
+	fixperms = shared.VarPath("storage-pools", s.pool.Name, "deleted")
+	err = os.Chmod(fixperms, deletedDirMode)
+	if err != nil {
+		logger.Warnf("failed to chmod \"%s\" to \"0%s\": %s", fixperms, strconv.FormatInt(int64(deletedDirMode), 8), err)
+	}
+
 	return nil
 }