!500 remove chmod 751 permission for dirs by engine when user-remap enabled

From: @vegbir 
Reviewed-by: @zhangsong234, @duguhaotian 
Signed-off-by: @duguhaotian

0047-remove-chmod-751-permission-for-dirs-by-engine-when-.patch

@@ -0,0 +1,86 @@
+From 4814ce0283857e1d07c491dab3876136a0a6a714 Mon Sep 17 00:00:00 2001
+From: yangjiaqi <yangjiaqi16@huawei.com>
+Date: Mon, 28 Nov 2022 18:36:10 +0800
+Subject: [PATCH] remove chmod 751 permission for dirs by engine when
+ user-remap enabled
+
+---
+ .../modules/service/service_container.c       | 55 -------------------
+ 1 file changed, 55 deletions(-)
+
+diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
+index 2b3c879..85a8ab5 100644
+--- a/src/daemon/modules/service/service_container.c
++++ b/src/daemon/modules/service/service_container.c
+@@ -413,54 +413,6 @@ static int mount_host_channel(const host_config_host_channel *host_channel, cons
+     return 0;
+ }
+ 
+-static int chmod_runtime_bundle_permission(const char *runtime)
+-{
+-    int ret = 0;
+-    char *bundle_dir = NULL;
+-    char *engine_dir = NULL;
+-    char *root_dir = NULL;
+-
+-    bundle_dir = conf_get_routine_rootdir(runtime);
+-    if (bundle_dir == NULL) {
+-        ret = -1;
+-        goto error_out;
+-    }
+-
+-    engine_dir = conf_get_engine_rootpath();
+-    if (engine_dir == NULL) {
+-        ret = -1;
+-        goto error_out;
+-    }
+-
+-    root_dir = conf_get_isulad_rootdir();
+-    if (root_dir == NULL) {
+-        ret = -1;
+-        goto error_out;
+-    }
+-
+-    ret = chmod(bundle_dir, USER_REMAP_DIRECTORY_MODE);
+-    if (ret != 0) {
+-        ERROR("Failed to chmod bundle dir '%s' for user remap", bundle_dir);
+-        goto error_out;
+-    }
+-    ret = chmod(engine_dir, USER_REMAP_DIRECTORY_MODE);
+-    if (ret != 0) {
+-        ERROR("Failed to chmod engine dir '%s' for user remap", engine_dir);
+-        goto error_out;
+-    }
+-    ret = chmod(root_dir, USER_REMAP_DIRECTORY_MODE);
+-    if (ret != 0) {
+-        ERROR("Failed to chmod root dir '%s' for user remap", root_dir);
+-        goto error_out;
+-    }
+-
+-error_out:
+-    free(bundle_dir);
+-    free(engine_dir);
+-    free(root_dir);
+-    return ret;
+-}
+-
+ static int prepare_user_remap_config(const container_t *cont)
+ {
+     if (cont == NULL) {
+@@ -471,13 +423,6 @@ static int prepare_user_remap_config(const container_t *cont)
+         return 0;
+     }
+ 
+-    if (cont->hostconfig->user_remap != NULL) {
+-        if (chmod_runtime_bundle_permission(cont->runtime)) {
+-            ERROR("Failed to chmod bundle permission for user remap");
+-            return -1;
+-        }
+-    }
+-
+     if (cont->hostconfig->host_channel != NULL) {
+         if (mount_host_channel(cont->hostconfig->host_channel, cont->hostconfig->user_remap)) {
+             ERROR("Failed to mount host channel");
+-- 
+2.30.0
+

iSulad.spec

@@ -1,5 +1,5 @@
 %global _version 2.0.17
-%global _release 9
+%global _release 10
 %global is_systemd 1
 %global enable_shimv2 1
 %global is_embedded 1
@@ -59,6 +59,7 @@ Patch0043: 0043-fix-do-container_unref-in-oci_rootfs_clean.patch
 Patch0044: 0044-fix-can-not-install-isulad-rpm-because-of-spec.patch
 Patch0045: 0045-remove-unknown-option-wno-maybe-uninitialized.patch
 Patch0046: 0046-add-primary-group-to-additional-groups.patch
+Patch0047: 0047-remove-chmod-751-permission-for-dirs-by-engine-when-.patch
 
 %ifarch x86_64 aarch64
 Provides:       libhttpclient.so()(64bit)
@@ -285,6 +286,12 @@ fi
 %endif
 
 %changelog
+* Mon Nov 28 2022 yangjiaqi <yangjiaqi16@huawei.com> - 2.0.17-10
+- Type: bugfix
+- ID: NA
+- SUG: NA
+- DESC: remove chmod 751 permission for dirs by engine when user-remap enabled
+
 * Fri Nov 25 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.17-9
 - Type: bugfix
 - ID: NA