[lxc-devel] [lxd/master] [WIP [TESTING]]: fix path permissions
brauner on Github
lxc-bot at linuxcontainers.org
Tue Apr 10 14:16:12 UTC 2018
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 364 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180410/b53cae96/attachment.bin>
-------------- next part --------------
From ca41760d50d41f0875df1840743a6f9fd0f9ab5a Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 10 Apr 2018 14:52:48 +0200
Subject: [PATCH 1/5] storage: createContainerMountpoint() fix perms
s/0755/0711/g
Closes #4433.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
lxd/storage.go | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lxd/storage.go b/lxd/storage.go
index 5f9f7088f4..f718027e03 100644
--- a/lxd/storage.go
+++ b/lxd/storage.go
@@ -585,7 +585,7 @@ func createContainerMountpoint(mountPoint string, mountPointSymlink string, priv
if privileged {
mode = 0700
} else {
- mode = 0755
+ mode = 0711
}
mntPointSymlinkExist := shared.PathExists(mountPointSymlink)
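Review bot: The new `mode = 0711` for unprivileged containers has no comment recording why "other" keeps search permission but loses read, and the commit message only says `s/0755/0711/g`. A line above the assignment such as `// 0711: others may traverse the mountpoint but cannot list its contents` would make the intent reviewable next to the 0700 used for privileged containers. The body of createContainerMountpoint starts and ends outside this hunk.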
@@ -593,7 +593,7 @@ func createContainerMountpoint(mountPoint string, mountPointSymlink string, priv
var err error
if !mntPointSymlinkTargetExist {
- err = os.MkdirAll(mountPoint, 0755)
+ err = os.MkdirAll(mountPoint, 0711)
if err != nil {
return err
}
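Review bot: `os.MkdirAll(mountPoint, 0711)` passes a literal even though `mode` is selected a few lines earlier in the same function, so a privileged container's mountpoint is created as 0711 rather than 0700 unless a later chmod (not visible in this hunk) narrows it. If the parent directories are guaranteed to exist at this point, `err = os.MkdirAll(mountPoint, mode)` would close that window. Note also that MkdirAll returns nil without touching permissions when the directory already exists and that the requested mode is filtered by the process umask, so an explicit `os.Chmod` is what actually enforces the value. The same literal-0711 MkdirAll pattern appears in the three storage_lvm.go hunks and in the storage_zfs.go hunk of this series.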
From 3605dcbf3d418fe3c5b91c97cbbde4e306cdf030 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 10 Apr 2018 14:53:38 +0200
Subject: [PATCH 2/5] ceph: s/0755/0711/g
Closes #4433.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
lxd/storage_ceph.go | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lxd/storage_ceph.go b/lxd/storage_ceph.go
index 4bd9832ec8..1839c0867c 100644
--- a/lxd/storage_ceph.go
+++ b/lxd/storage_ceph.go
@@ -1096,15 +1096,15 @@ func (s *storageCeph) ContainerCreateFromImage(container container, fingerprint
}
logger.Debugf(`Shifted rootfs for container "%s"`, containerName)
- err = os.Chmod(containerPoolVolumeMntPoint, 0755)
+ err = os.Chmod(containerPoolVolumeMntPoint, 0711)
if err != nil {
logger.Errorf(`Failed change mountpoint "%s" `+
- `permissions to 0755 for container "%s" for `+
+ `permissions to 0711 for container "%s" for `+
`RBD storage volume: %s`,
containerPoolVolumeMntPoint, containerName, err)
return err
}
- logger.Debugf(`Changed mountpoint "%s" permissions to 0755 for `+
+ logger.Debugf(`Changed mountpoint "%s" permissions to 0711 for `+
`container "%s" for RBD storage volume`,
containerPoolVolumeMntPoint, containerName)
} else {
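Review bot: The mode now lives in three places in this hunk, the `os.Chmod` argument and two log strings, which is why one permission change needed three edits and how the messages could drift from the real value later. Binding it once, e.g. `const mntPointMode os.FileMode = 0711`, and formatting it with `permissions to %04o` in both messages keeps them in sync. Unlike the storage_lvm.go chmod hunk, no 0700 case for privileged containers is visible here; the enclosing condition is outside the hunk, so it is worth confirming this branch is only reached for unprivileged containers.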
From cec4d40b2f34e2031c0167db66a832c774e509a0 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 10 Apr 2018 14:54:14 +0200
Subject: [PATCH 3/5] lvm: s/0755/0711/g
Closes #4433.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
lxd/storage_lvm.go | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lxd/storage_lvm.go b/lxd/storage_lvm.go
index 341ebe3e70..df5c7cb309 100644
--- a/lxd/storage_lvm.go
+++ b/lxd/storage_lvm.go
@@ -898,7 +898,7 @@ func (s *storageLvm) ContainerCreate(container container) error {
sourceName, _, _ := containerGetParentAndSnapshotName(containerName)
snapshotMntPointSymlinkTarget := shared.VarPath("storage-pools", s.pool.Name, "snapshots", sourceName)
snapshotMntPointSymlink := shared.VarPath("snapshots", sourceName)
- err := os.MkdirAll(containerMntPoint, 0755)
+ err := os.MkdirAll(containerMntPoint, 0711)
if err != nil {
return err
}
@@ -909,7 +909,7 @@ func (s *storageLvm) ContainerCreate(container container) error {
} else {
containerMntPoint := getContainerMountPoint(s.pool.Name, containerName)
containerPath := container.Path()
- err := os.MkdirAll(containerMntPoint, 0755)
+ err := os.MkdirAll(containerMntPoint, 0711)
if err != nil {
return err
}
@@ -955,7 +955,7 @@ func (s *storageLvm) ContainerCreateFromImage(container container, fingerprint s
containerMntPoint := getContainerMountPoint(s.pool.Name, containerName)
containerPath := container.Path()
- err = os.MkdirAll(containerMntPoint, 0755)
+ err = os.MkdirAll(containerMntPoint, 0711)
if err != nil {
return err
}
@@ -985,7 +985,7 @@ func (s *storageLvm) ContainerCreateFromImage(container container, fingerprint s
if container.IsPrivileged() {
err = os.Chmod(containerMntPoint, 0700)
} else {
- err = os.Chmod(containerMntPoint, 0755)
+ err = os.Chmod(containerMntPoint, 0711)
}
if err != nil {
return err
From eb022c964986adce2c1305903b0b46b91f8cd905 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 10 Apr 2018 14:55:26 +0200
Subject: [PATCH 4/5] storage utils: s/0755/0711/g
Closes #4433.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
lxd/storage_utils.go | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lxd/storage_utils.go b/lxd/storage_utils.go
index 581f213f78..b4fe2b3930 100644
--- a/lxd/storage_utils.go
+++ b/lxd/storage_utils.go
@@ -158,8 +158,8 @@ func storageConfigDiff(oldConfig map[string]string, newConfig map[string]string)
}
// Default permissions for folders in ${LXD_DIR}
-const containersDirMode os.FileMode = 0755
-const customDirMode os.FileMode = 0755
+const containersDirMode os.FileMode = 0711
+const customDirMode os.FileMode = 0711
const imagesDirMode os.FileMode = 0700
const snapshotsDirMode os.FileMode = 0700
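Review bot: Tightening `containersDirMode` and `customDirMode` only helps where the constants are applied to a directory; if they are used solely at creation time, existing installations keep their 0755 directories, and no upgrade-time chmod is visible in this series. It would be worth confirming that, and extending the comment above the constants to say why these two are 0711 while images and snapshots are 0700, for example `// containers/custom: traversable but not listable by others`. The other patches in the series hard-code 0711 instead of referring to these constants, so a future change would again have to touch every call site.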
From c9081d994616f7db69c74e95de2e341f0f67bcf5 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 10 Apr 2018 14:55:56 +0200
Subject: [PATCH 5/5] zfs: s/0755/0711/g
Closes #4433.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
lxd/storage_zfs.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lxd/storage_zfs.go b/lxd/storage_zfs.go
index e657c30815..e3a0594d67 100644
--- a/lxd/storage_zfs.go
+++ b/lxd/storage_zfs.go
@@ -129,7 +129,7 @@ func (s *storageZfs) StoragePoolCreate() error {
}()
storagePoolMntPoint := getStoragePoolMountPoint(s.pool.Name)
- err = os.MkdirAll(storagePoolMntPoint, 0755)
+ err = os.MkdirAll(storagePoolMntPoint, 0711)
if err != nil {
return err
}