[lxc-devel] [lxd/master] lxd/sys: Enforce directory permissions

stgraber on Github lxc-bot at linuxcontainers.org
Sat Oct 12 01:01:27 UTC 2019


From 34dc242bee815daf687953da3cccf332534266db Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 11 Oct 2019 14:18:13 -0400
Subject: [PATCH] lxd/sys: Enforce directory permissions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/sys/fs.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/lxd/sys/fs.go b/lxd/sys/fs.go
index 5905c433a0..3e76ca3343 100644
--- a/lxd/sys/fs.go
+++ b/lxd/sys/fs.go
@@ -58,8 +58,15 @@ func (s *OS) initDirs() error {
 
 	for _, dir := range dirs {
 		err := os.Mkdir(dir.path, dir.mode)
-		if err != nil && !os.IsExist(err) {
-			return errors.Wrapf(err, "failed to init dir %s", dir.path)
+		if err != nil {
+			if !os.IsExist(err) {
+				return errors.Wrapf(err, "Failed to init dir %s", dir.path)
+			}
+
+			err = os.Chmod(dir.path, dir.mode)
+			if err != nil {
+				return errors.Wrapf(err, "Failed to chmod dir %s", dir.path)
+			}
 		}
 	}
 
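Review bot: The added `os.Chmod(dir.path, dir.mode)` runs whenever `os.Mkdir` reports that the path exists, so a regular file or a symlink already at `dir.path` is accepted, and for a symlink the mode lands on the link's target because `os.Chmod` follows links. An `os.Lstat` check that rejects anything where `!fi.IsDir()` before the chmod would stop initDirs from adopting a non-directory; it narrows the gap but is not race-free, and it assumes `errors` is the package that provides both `Wrapf` and `Errorf`. Only the pre-existing case is corrected: a freshly created directory still gets `dir.mode` filtered by the process umask, and ownership is not checked in either branch. The `dirs` list and the rest of initDirs are outside the hunk, so whether any of these paths can be writable by a non-root user is not visible here.

```go
		err := os.Mkdir(dir.path, dir.mode)
		if err != nil {
			// … unchanged: return on errors other than "already exists" …

			// Lstat does not follow symlinks, so a link or a regular file at dir.path is rejected.
			fi, statErr := os.Lstat(dir.path)
			if statErr != nil {
				return errors.Wrapf(statErr, "Failed to stat dir %s", dir.path)
			}

			if !fi.IsDir() {
				return errors.Errorf("Failed to init dir %s: not a directory", dir.path)
			}

			// … unchanged: os.Chmod(dir.path, dir.mode) and its error check …
```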

