iSulad/0009-add-non-root-group.patch


From 0c21cb71efd5f81164c67f493f6070714ff3c287 Mon Sep 17 00:00:00 2001
From: gaohuatao <gaohuatao@huawei.com>
Date: Wed, 21 Oct 2020 09:19:45 -0400
Subject: [PATCH 09/28] add non root group
Signed-off-by: gaohuatao <gaohuatao@huawei.com>
---
src/cmd/isulad/main.c | 20 ++++++++++++-----
src/common/constants.h | 2 ++
src/daemon/config/isulad_config.c | 31 +-------------------------
src/utils/cutils/utils_file.c | 36 +++++++++++++++++++++++++++++++
src/utils/cutils/utils_file.h | 2 ++
5 files changed, 56 insertions(+), 35 deletions(-)
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 7a932b6..9297aad 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -81,20 +81,30 @@ static int create_client_run_path(const char *group)
{
int ret = 0;
const char *rundir = "/var/run/isula";
+
if (group == NULL) {
return -1;
}
- ret = util_mkdir_p(rundir, DEFAULT_SECURE_DIRECTORY_MODE);
- if (ret < 0) {
+
+ if (util_mkdir_p(rundir, ISULA_CLIENT_DIRECTORY_MODE) < 0) {
ERROR("Unable to create client run directory %s.", rundir);
- return ret;
+ ret = -1;
+ goto out;
}
- ret = chmod(rundir, DEFAULT_SECURE_DIRECTORY_MODE);
- if (ret < 0) {
+ if (chmod(rundir, ISULA_CLIENT_DIRECTORY_MODE) < 0) {
ERROR("Failed to chmod for client run path: %s", rundir);
+ ret = -1;
+ goto out;
}
+ if (util_set_file_group(rundir, group) != 0) {
+ ERROR("set group of the path: %s failed", rundir);
+ ret = -1;
+ goto out;
+ }
+
+out:
return ret;
}
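Review bot: create_client_run_path now reports success even when the requested group could not be applied, because util_set_file_group returns 0 when the group is "docker" or "isula" and getgrnam finds no such group (only a DEBUG line is emitted), so the directory is left at ISULA_CLIENT_DIRECTORY_MODE (0770) with the creating process's group rather than the configured one. Whether that is acceptable for the client run path is for the daemon owners to decide, but the call site should say so: `/* a missing "docker"/"isula" group is tolerated by util_set_file_group; the dir then stays at 0770 under the creator's group */`. The mode is also widened before the group is changed, so the directory briefly exists group-writable for the creator's primary group; calling util_set_file_group before chmod would close that window. The `out:` label adds nothing here since no cleanup is performed, so a plain `return -1;` at each failure would be simpler than `ret = -1; goto out;`.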
diff --git a/src/common/constants.h b/src/common/constants.h
index 420ac92..52bb0a8 100644
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -26,6 +26,8 @@ extern "C" {
#define DEFAULT_SECURE_DIRECTORY_MODE 0750
+#define ISULA_CLIENT_DIRECTORY_MODE 0770
+
#define USER_REMAP_DIRECTORY_MODE 0751
#define ROOTFS_MNT_DIRECTORY_MODE 0640
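Review bot: ISULA_CLIENT_DIRECTORY_MODE is introduced without a comment, so the only record of why the client run directory needs a group-writable mode (0770, versus the 0750 of DEFAULT_SECURE_DIRECTORY_MODE directly above it) is the commit subject. A one-line comment next to the define would keep the intent with the value: `/* group-writable: members of the configured non-root group must be able to use /var/run/isula */`.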
diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c
index c79c6a1..4832985 100644
--- a/src/daemon/config/isulad_config.c
+++ b/src/daemon/config/isulad_config.c
@@ -13,7 +13,6 @@
* Description: provide container configure definition
******************************************************************************/
#include <unistd.h>
-#include <grp.h>
#include <sys/stat.h>
#include <stdio.h>
#include <stdlib.h>
@@ -1157,34 +1156,6 @@ out:
return ret;
}
-/* set path group */
-static int set_path_group(const char *rpath, const char *group)
-{
- struct group *grp = NULL;
- gid_t gid;
-
- grp = getgrnam(group);
-
- if (grp != NULL) {
- gid = grp->gr_gid;
- DEBUG("Group %s found, gid: %d", group, gid);
- if (chown(rpath, -1, gid) != 0) {
- DEBUG("Failed to chown %s to gid: %d", rpath, gid);
- return -1;
- }
- } else {
- if (strcmp(group, "docker") == 0 || strcmp(group, "isula") == 0) {
- DEBUG("Warning: could not change group %s to %s", rpath, group);
- } else {
- ERROR("Group %s not found", group);
- isulad_set_error_message("Group %s not found", group);
- return -1;
- }
- }
-
- return 0;
-}
-
/* set socket group */
int set_unix_socket_group(const char *socket, const char *group)
{
@@ -1205,7 +1176,7 @@ int set_unix_socket_group(const char *socket, const char *group)
goto out;
}
INFO("set socket: %s with group: %s", socket, group);
- nret = set_path_group(rpath, group);
+ nret = util_set_file_group(rpath, group);
if (nret < 0) {
ERROR("set group of the path: %s failed", rpath);
ret = -1;
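Review bot: The user-facing error is lost at this call: the removed set_path_group called isulad_set_error_message("Group %s not found", group) before returning -1, whereas util_set_file_group only logs ERROR, so a caller of set_unix_socket_group with an unknown group now gets a bare failure with no message saying why. Restoring it at this call site keeps the daemon-specific error channel out of the generic utility, e.g. after the existing ERROR line: `isulad_set_error_message("Failed to set group %s on %s", group, rpath);`. set_unix_socket_group starts and ends outside this hunk, so the remaining error paths should be checked for the same regression.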
diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c
index 7a965c0..92e032b 100644
--- a/src/utils/cutils/utils_file.c
+++ b/src/utils/cutils/utils_file.c
@@ -29,6 +29,8 @@
#include <dirent.h>
#include <fcntl.h>
#include <limits.h>
+#include <sys/types.h>
+#include <grp.h>
#include "constants.h"
#include "isula_libutils/log.h"
@@ -1574,3 +1576,37 @@ out:
free(line);
return ret;
}
+
+int util_set_file_group(const char *fname, const char *group)
+{
+ int ret = 0;
+ struct group *grp = NULL;
+ gid_t gid;
+
+ if (fname == NULL || group == NULL) {
+ ERROR("Invalid NULL params");
+ return -1;
+ }
+
+ grp = getgrnam(group);
+ if (grp != NULL) {
+ gid = grp->gr_gid;
+ DEBUG("Group %s found, gid: %d", group, gid);
+ if (chown(fname, -1, gid) != 0) {
+ ERROR("Failed to chown %s to gid: %d", fname, gid);
+ ret = -1;
+ goto out;
+ }
+ } else {
+ if (strcmp(group, "docker") == 0 || strcmp(group, "isula") == 0) {
+ DEBUG("Warning: could not change group %s to %s", fname, group);
+ } else {
+ ERROR("Group %s not found", group);
+ ret = -1;
+ goto out;
+ }
+ }
+
+out:
+ return ret;
+}
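Review bot: Both log calls in util_set_file_group print a gid_t with `%d`; on glibc gid_t is an unsigned type, so the format does not match the argument and should be cast explicitly, e.g. `DEBUG("Group %s found, gid: %u", group, (unsigned)gid);` and the same for the ERROR line. getgrnam() returns a pointer into static storage and is not reentrant; for a utility that may be called from several daemon threads, getgrnam_r() with a caller-supplied buffer is the safer choice. chown() on a path follows symlinks, so if fname can live in a directory writable by other users an fd-based fchown() on a descriptor opened with O_NOFOLLOW removes the window between the caller's checks and this call. The "docker"/"isula" branch returns 0 without changing the file and only at DEBUG level, which is surprising in a generic util_ function; if that leniency must stay, it should be logged at a level operators will see and stated in the header comment.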
diff --git a/src/utils/cutils/utils_file.h b/src/utils/cutils/utils_file.h
index 1bd2d69..3aff3d6 100644
--- a/src/utils/cutils/utils_file.h
+++ b/src/utils/cutils/utils_file.h
@@ -98,6 +98,8 @@ typedef bool (*read_line_callback_t)(const char *, void *context);
int util_proc_file_line_by_line(FILE *fp, read_line_callback_t cb, void *context);
+int util_set_file_group(const char *fname, const char *group);
+
#ifdef __cplusplus
}
#endif
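Review bot: The new declaration of util_set_file_group carries no documentation, and its contract is not obvious from the name: it returns -1 on NULL arguments, an unknown group or a failed chown, but returns 0 without touching the file when the group is "docker" or "isula" and does not exist. A Doxygen comment on the declaration would spare callers reading utils_file.c: `/** Change the group of fname to the named group. Returns 0 on success, -1 on error; a missing "docker"/"isula" group is tolerated and returns 0 without changing the file. */`.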
--
2.20.1