From 2cfab675a9aa5bac8948e5010819cc24a3b8b305 Mon Sep 17 00:00:00 2001
From: yangjiaqi
Date: Mon, 28 Nov 2022 18:51:25 +0800
Subject: [PATCH] remove chmod 751 permission for dirs by engine when user-remap enabled
---
 ...-permission-for-dirs-by-engine-when-.patch | 86 +++++++++++++++++++
 iSulad.spec | 9 +-
 2 files changed, 94 insertions(+), 1 deletion(-)
 create mode 100644 0047-remove-chmod-751-permission-for-dirs-by-engine-when-.patch
diff --git a/0047-remove-chmod-751-permission-for-dirs-by-engine-when-.patch b/0047-remove-chmod-751-permission-for-dirs-by-engine-when-.patch
new file mode 100644
index 0000000..ce20681
--- /dev/null
+++ b/0047-remove-chmod-751-permission-for-dirs-by-engine-when-.patch
@@ -0,0 +1,86 @@
+From 4814ce0283857e1d07c491dab3876136a0a6a714 Mon Sep 17 00:00:00 2001
+From: yangjiaqi
+Date: Mon, 28 Nov 2022 18:36:10 +0800
+Subject: [PATCH] remove chmod 751 permission for dirs by engine when
+ user-remap enabled
+
+---
+ .../modules/service/service_container.c | 55 -------------------
+ 1 file changed, 55 deletions(-)
+
+diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
+index 2b3c879..85a8ab5 100644
+--- a/src/daemon/modules/service/service_container.c
++++ b/src/daemon/modules/service/service_container.c
+@@ -413,54 +413,6 @@ static int mount_host_channel(const host_config_host_channel *host_channel, cons
+ return 0;
+ }
+
+-static int chmod_runtime_bundle_permission(const char *runtime)
+-{
+- int ret = 0;
+- char *bundle_dir = NULL;
+- char *engine_dir = NULL;
+- char *root_dir = NULL;
+-
+- bundle_dir = conf_get_routine_rootdir(runtime);
+- if (bundle_dir == NULL) {
+- ret = -1;
+- goto error_out;
+- }
+-
+- engine_dir = conf_get_engine_rootpath();
+- if (engine_dir == NULL) {
+- ret = -1;
+- goto error_out;
+- }
+-
+- root_dir = conf_get_isulad_rootdir();
+- if (root_dir == NULL) {
+- ret = -1;
+- goto error_out;
+- }
+-
+- ret = chmod(bundle_dir, USER_REMAP_DIRECTORY_MODE);
+- if (ret != 0) {
+- ERROR("Failed to chmod bundle dir '%s' for user remap", bundle_dir);
+- goto error_out;
+- }
+- ret = chmod(engine_dir, USER_REMAP_DIRECTORY_MODE);
+- if (ret != 0) {
+- ERROR("Failed to chmod engine dir '%s' for user remap", engine_dir);
+- goto error_out;
+- }
+- ret = chmod(root_dir, USER_REMAP_DIRECTORY_MODE);
+- if (ret != 0) {
+- ERROR("Failed to chmod root dir '%s' for user remap", root_dir);
+- goto error_out;
+- }
+-
+-error_out:
+- free(bundle_dir);
+- free(engine_dir);
+- free(root_dir);
+- return ret;
+-}
+-
+ static int prepare_user_remap_config(const container_t *cont)
+ {
+ if (cont == NULL) {
+@@ -471,13 +423,6 @@ static int prepare_user_remap_config(const container_t 
*cont)
+ return 0;
+ }
+
+- if (cont->hostconfig->user_remap != NULL) {
+- if (chmod_runtime_bundle_permission(cont->runtime)) {
+- ERROR("Failed to chmod bundle permission for user remap");
+- return -1;
+- }
+- }
+-
+ if (cont->hostconfig->host_channel != NULL) {
+ if (mount_host_channel(cont->hostconfig->host_channel, cont->hostconfig->user_remap)) {
+ ERROR("Failed to mount host channel");
+--
+2.30.0
+
diff --git a/iSulad.spec b/iSulad.spec
index 92cd488..077c08f 100644
--- a/iSulad.spec
+++ b/iSulad.spec
@@ -1,5 +1,5 @@
 %global _version 2.0.17
-%global _release 9
+%global _release 10
 %global is_systemd 1
 %global enable_shimv2 1
 %global is_embedded 1
@@ -59,6 +59,7 @@ Patch0043: 0043-fix-do-container_unref-in-oci_rootfs_clean.patch
 Patch0044: 0044-fix-can-not-install-isulad-rpm-because-of-spec.patch
 Patch0045: 0045-remove-unknown-option-wno-maybe-uninitialized.patch
 Patch0046: 0046-add-primary-group-to-additional-groups.patch
+Patch0047: 0047-remove-chmod-751-permission-for-dirs-by-engine-when-.patch
 %ifarch x86_64 aarch64
 Provides: libhttpclient.so()(64bit)
@@ -285,6 +286,12 @@ fi
 %endif
 %changelog
+* Mon Nov 28 2022 yangjiaqi - 2.0.17-10
+- Type: bugfix
+- ID: NA
+- SUG: NA
+- DESC: remove chmod 751 permission for dirs by engine when user-remap enabled
+
 * Fri Nov 25 2022 zhangxiaoyu - 2.0.17-9
 - Type: bugfix
 - ID: NA
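Review bot: Dropping the `chmod_runtime_bundle_permission(cont->runtime)` call from `prepare_user_remap_config()` in the embedded service_container.c patch stops new chmods, but nothing visible here resets the bundle, engine and root directories that an earlier build already switched to `USER_REMAP_DIRECTORY_MODE` (751 per the subject line), so upgraded hosts presumably keep the wider mode on disk. Neither the patch description nor the changelog entry says why the chmod is removed or how a remapped container user is now expected to reach those paths; I would add a short rationale to the description and a comment above the remaining `host_channel` branch, e.g. `/* engine no longer widens root/engine/bundle dirs for user-remap; directory modes are left as provisioned */`. If `USER_REMAP_DIRECTORY_MODE` has no other users its definition can be removed as well, but that is outside this hunk, as is the rest of `prepare_user_remap_config()`.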