From 0c21cb71efd5f81164c67f493f6070714ff3c287 Mon Sep 17 00:00:00 2001
From: gaohuatao
Date: Wed, 21 Oct 2020 09:19:45 -0400
Subject: [PATCH 09/28] add non root group
Signed-off-by: gaohuatao
---
src/cmd/isulad/main.c | 20 ++++++++++++-----
src/common/constants.h | 2 ++
src/daemon/config/isulad_config.c | 31 +-------------------------
src/utils/cutils/utils_file.c | 36 +++++++++++++++++++++++++++++++
src/utils/cutils/utils_file.h | 2 ++
5 files changed, 56 insertions(+), 35 deletions(-)
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 7a932b6..9297aad 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -81,20 +81,30 @@ static int create_client_run_path(const char *group) { int ret = 0; const char *rundir = "/var/run/isula"; + if (group == NULL) { return -1; } - ret = util_mkdir_p(rundir, DEFAULT_SECURE_DIRECTORY_MODE); - if (ret < 0) { + + if (util_mkdir_p(rundir, ISULA_CLIENT_DIRECTORY_MODE) < 0) { ERROR("Unable to create client run directory %s.", rundir); - return ret; + ret = -1; + goto out; } - ret = chmod(rundir, DEFAULT_SECURE_DIRECTORY_MODE); - if (ret < 0) { + if (chmod(rundir, ISULA_CLIENT_DIRECTORY_MODE) < 0) { ERROR("Failed to chmod for client run path: %s", rundir); + ret = -1; + goto out; } + if (util_set_file_group(rundir, group) != 0) { + ERROR("set group of the path: %s failed", rundir); + ret = -1; + goto out; + } + +out: return ret; }
diff --git a/src/common/constants.h b/src/common/constants.h
index 420ac92..52bb0a8 100644
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -26,6 +26,8 @@ extern "C" { #define DEFAULT_SECURE_DIRECTORY_MODE 0750 +#define ISULA_CLIENT_DIRECTORY_MODE 0770 + #define USER_REMAP_DIRECTORY_MODE 0751 #define ROOTFS_MNT_DIRECTORY_MODE 0640
diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c
index c79c6a1..4832985 100644
--- a/src/daemon/config/isulad_config.c
+++ b/src/daemon/config/isulad_config.c
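Review bot: Relaxing `/var/run/isula` from 0750 to ISULA_CLIENT_DIRECTORY_MODE (0770) in the `util_mkdir_p` and `chmod` calls makes the directory writable by every member of `group`, so a member can unlink or rename any entry placed there rather than merely open it; if daemon-created sockets or files live under this path (not visible in the hunk), a member could replace them with their own. Consider the sticky bit (`chmod(rundir, ISULA_CLIENT_DIRECTORY_MODE | S_ISVTX)`, i.e. 01770) so members may only remove entries they own, or keep the directory at 0750 and grant the group on the specific files instead. Since `util_set_file_group` returns 0 when the `docker`/`isula` group is absent, the directory can also end up 0770 owned by root:root with nothing but a DEBUG line; an INFO-level message at this call site when the group was not applied would make that state visible to an operator.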
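Review bot: The new `ISULA_CLIENT_DIRECTORY_MODE` macro carries no comment saying why it is group-writable, while its neighbour `DEFAULT_SECURE_DIRECTORY_MODE` (0750) is the mode other daemon directories use, so a reader cannot tell which one a new directory should get. Add a comment above it such as `/* client run dir shared with a non-root client group: owner rwx, group rwx (0770); group members may create and remove entries */`.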
@@ -13,7 +13,6 @@ * Description: provide container configure definition ******************************************************************************/ #include -#include #include #include #include
@@ -1157,34 +1156,6 @@ out:
 return ret;
 }
 
-/* set path group */
-static int set_path_group(const char *rpath, const char *group)
-{
- struct group *grp = NULL;
- gid_t gid;
-
- grp = getgrnam(group);
-
- if (grp != NULL) {
- gid = grp->gr_gid;
- DEBUG("Group %s found, gid: %d", group, gid);
- if (chown(rpath, -1, gid) != 0) {
- DEBUG("Failed to chown %s to gid: %d", rpath, gid);
- return -1;
- }
- } else {
- if (strcmp(group, "docker") == 0 || strcmp(group, "isula") == 0) {
- DEBUG("Warning: could not change group %s to %s", rpath, group);
- } else {
- ERROR("Group %s not found", group);
- isulad_set_error_message("Group %s not found", group);
- return -1;
- }
- }
-
- return 0;
-}
-
 /* set socket group */
 int set_unix_socket_group(const char *socket, const char *group)
 {
@@ -1205,7 +1176,7 @@ int set_unix_socket_group(const char *socket, const char *group)
 goto out;
 }
 INFO("set socket: %s with group: %s", socket, group);
- nret = set_path_group(rpath, group);
+ nret = util_set_file_group(rpath, group);
 if (nret < 0) {
 ERROR("set group of the path: %s failed", rpath);
 ret = -1;
diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c
index 7a965c0..92e032b 100644
--- a/src/utils/cutils/utils_file.c
+++ b/src/utils/cutils/utils_file.c
@@ -29,6 +29,8 @@ #include #include #include +#include +#include #include "constants.h" #include "isula_libutils/log.h"
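Review bot: Switching to `util_set_file_group` silently drops the `isulad_set_error_message("Group %s not found", group)` that the deleted `set_path_group` (hunk `@@ -1157`) raised, so a missing group now produces only a log line and the client-visible error message stays empty. Add `isulad_set_error_message("set group of the path: %s failed", rpath);` beside the `ERROR` in the `if (nret < 0)` branch so the failure is still reported to the caller. The body of `set_unix_socket_group` starts and ends outside this hunk.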
@@ -1574,3 +1576,37 @@ out:
 free(line);
 return ret;
 }
+
+int util_set_file_group(const char *fname, const char *group)
+{
+ int ret = 0;
+ struct group *grp = NULL;
+ gid_t gid;
+
+ if (fname == NULL || group == NULL) {
+ ERROR("Invalid NULL params");
+ return -1;
+ }
+
+ grp = getgrnam(group);
+ if (grp != NULL) {
+ gid = grp->gr_gid;
+ DEBUG("Group %s found, gid: %d", group, gid);
+ if (chown(fname, -1, gid) != 0) {
+ ERROR("Failed to chown %s to gid: %d", fname, gid);
+ ret = -1;
+ goto out;
+ }
+ } else {
+ if (strcmp(group, "docker") == 0 || strcmp(group, "isula") == 0) {
+ DEBUG("Warning: could not change group %s to %s", fname, group);
+ } else {
+ ERROR("Group %s not found", group);
+ ret = -1;
+ goto out;
+ }
+ }
+
+out:
+ return ret;
+}
diff --git a/src/utils/cutils/utils_file.h b/src/utils/cutils/utils_file.h
index 1bd2d69..3aff3d6 100644
--- a/src/utils/cutils/utils_file.h
+++ b/src/utils/cutils/utils_file.h
@@ -98,6 +98,8 @@ typedef bool (*read_line_callback_t)(const char *, void *context); int util_proc_file_line_by_line(FILE *fp, read_line_callback_t cb, void *context); +int util_set_file_group(const char *fname, const char *group); + #ifdef __cplusplus } #endif
--
2.20.1
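Review bot: `getgrnam` returns a pointer to static storage and is not reentrant, so the lookup in `util_set_file_group` is unsafe if it is ever called from more than one thread (likely for a daemon, but not visible here); use `getgrnam_r` with a caller-supplied `struct group` and buffer, treating a non-zero return as an error (ERANGE means the buffer was too small and should be grown). `gid_t` is an unsigned type on glibc, so the two `%d` conversions for `gid` should be `%u` with a cast to `unsigned int`. `chown` follows symbolic links; if `fname` can be a path that other users influence (for a root-created directory under `/var/run` this is unlikely), `lchown`, or `fchown` on a descriptor opened with `O_NOFOLLOW`, binds the ownership change to the intended inode. The rewritten lookup and log lines are below; the NULL check, the docker/isula fallback and the `out:` exit are unchanged.
```c
int util_set_file_group(const char *fname, const char *group)
{
    int ret = 0;
    struct group grp_storage;
    struct group *grp = NULL;
    char grp_buf[4096]; /* sized for typical group entries; grow on ERANGE */

    // … unchanged: NULL-parameter check …

    if (getgrnam_r(group, &grp_storage, grp_buf, sizeof(grp_buf), &grp) != 0) {
        ERROR("Failed to look up group %s", group);
        return -1;
    }
    if (grp != NULL) {
        DEBUG("Group %s found, gid: %u", group, (unsigned int)grp->gr_gid);
        if (chown(fname, -1, grp->gr_gid) != 0) {
            ERROR("Failed to chown %s to gid: %u", fname, (unsigned int)grp->gr_gid);
            // … unchanged: ret = -1; goto out; …
        }
    } else {
        // … unchanged: docker/isula fallback and unknown-group error …
    }
    // … unchanged: out label and return …
}
```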
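Review bot: The new public prototype `util_set_file_group` has no documentation, and its contract is not obvious from the name: per the definition in utils_file.c it returns 0 when the group is `docker` or `isula` but does not exist (leaving the file's group unchanged), and -1 for any other unknown group, a failed chown, or a NULL argument. Add a Doxygen block above the declaration covering the parameters, the return values and that special case, e.g. `/** Change the group of @p fname to @p group. Returns 0 on success (also when group docker/isula is absent), -1 on error. */`.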