[lxc-devel] [lxd/master] shared: Skip chown when copying symlinks

monstermunchkin on Github lxc-bot at linuxcontainers.org
Thu Sep 12 07:47:10 UTC 2019


From 22b2adc33873dd08b6023d1c794f776210aa5bdb Mon Sep 17 00:00:00 2001
From: Thomas Hipp <thomas.hipp at canonical.com>
Date: Thu, 12 Sep 2019 09:37:05 +0200
Subject: [PATCH] shared: Skip chown when copying symlinks

Skip chown when copying symlinks. When copy operations are performed for
chroot environments (from outside of the actual env), the chown may lead
to issues regarding the ownership of files on the host machine.

Signed-off-by: Thomas Hipp <thomas.hipp at canonical.com>
---
 shared/util.go | 51 +++++++++++++++++++++++++-------------------------
 1 file changed, 25 insertions(+), 26 deletions(-)

diff --git a/shared/util.go b/shared/util.go
index ed38696132..b66f7b221f 100644
--- a/shared/util.go
+++ b/shared/util.go
@@ -353,8 +353,6 @@ func FileCopy(source string, dest string) error {
 		return err
 	}
 
-	var d *os.File
-
 	if fi.Mode()&os.ModeSymlink != 0 {
 		target, err := os.Readlink(source)
 		if err != nil {
@@ -373,36 +371,37 @@ func FileCopy(source string, dest string) error {
 			return err
 		}
 
-		d, err = os.OpenFile(dest, os.O_WRONLY, fi.Mode())
-		if err != nil {
-			return err
-		}
-		defer d.Close()
-	} else {
-		s, err := os.Open(source)
-		if err != nil {
-			return err
-		}
-		defer s.Close()
+		// Exit early and skip Chown() if we're copying a symlink. Chown()
+		// changes the ownership of the target file which may lead to problems
+		// when performing copy operations for files in a chroot env (outside of
+		// the env). In that case, ownership of files on the host machine may
+		// be changed unintentially.
+		return nil
+	}
 
-		d, err = os.Create(dest)
-		if err != nil {
-			if os.IsExist(err) {
-				d, err = os.OpenFile(dest, os.O_WRONLY, fi.Mode())
-				if err != nil {
-					return err
-				}
-			} else {
+	s, err := os.Open(source)
+	if err != nil {
+		return err
+	}
+	defer s.Close()
+
+	d, err := os.Create(dest)
+	if err != nil {
+		if os.IsExist(err) {
+			d, err = os.OpenFile(dest, os.O_WRONLY, fi.Mode())
+			if err != nil {
 				return err
 			}
-		}
-		defer d.Close()
-
-		_, err = io.Copy(d, s)
-		if err != nil {
+		} else {
 			return err
 		}
 	}
+	defer d.Close()
+
+	_, err = io.Copy(d, s)
+	if err != nil {
+		return err
+	}
 
 	/* chown not supported on windows */
 	if runtime.GOOS != "windows" {
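Review bot: The regular-file path still opens the destination with `os.Create(dest)`, which follows a symlink that already exists at `dest`, so the truncate, the write and the later chown can still land on whatever that link points to; the early return only covers the case where the source is a symlink. Consider checking `dest` with `os.Lstat` first and removing it (or returning an error) when it is a symlink, or opening it with a no-follow flag on platforms that provide one. The `os.IsExist(err)` branch looks unreachable, since `os.Create` does not open exclusively. If ownership of the copied link matters, `os.Lchown(dest, uid, gid)` would set it on the link itself rather than skipping it, and the new comment has a typo (`unintentially` should be `unintentionally`). FileCopy starts before this hunk and continues past it, so the symlink creation and the chown call are not visible here.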

