isula-build: change default umask of isula-builder process

Signed-off-by: Lu Jingxiao <lujingxiao@huawei.com>
2020-12-11 11:29:49 +08:00 · 2020-12-11 11:29:49 +08:00 · e46a9bb5bc
commit e46a9bb5bc
parent 90807e5013
5 changed files with 44 additions and 3 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-0.9.4-12
+0.9.4-13
--- a/2
+++ b/2
@ -1 +1 @@
-2c3d247b4b89071ce93669e85c47ac846820c1c6
+a7020e9811168d5cebb809294adb6445ba134753
--- a/isula-build.spec
+++ b/isula-build.spec
@ -2,7 +2,7 @@

 Name: isula-build
 Version: 0.9.4
-Release: 12
+Release: 13
 Summary: A tool to build container images
 License: Mulan PSL V2
 URL: https://gitee.com/openeuler/isula-build
@ -85,6 +85,9 @@ fi
 /usr/share/bash-completion/completions/isula-build

 %changelog
+* Fri Dec 11 2020 lujingxiao <lujingxiao@huawei.com> - 0.9.4-12
+- Change default umask of isula-builder process
+
 * Tue Dec 08 2020 caihaomin<caihaomin@huawei.com> - 0.9.4-12
 - Fix printing FROM command double times to console

--- a/patch/0075-change-default-umask-of-isula-builder-pr.patch
+++ b/patch/0075-change-default-umask-of-isula-builder-pr.patch
@ -0,0 +1,37 @@
+From c9aa2a92e06d32dada0029fbf9154f23afbf506b Mon Sep 17 00:00:00 2001
+From: Lu Jingxiao <lujingxiao@huawei.com>
+Date: Fri, 11 Dec 2020 10:53:36 +0800
+Subject: [PATCH] isula-build: change default umask of isula-builder process
+
+As the daemon process, the working umask 0027 is not suitable.
+0022 is better.
+
+Take this example:
+isula-builder using 0027, the working dir of container for RUN command
+(overlay/merged dir, as an example), has the 0640. Then developer changes
+working user in RUN command to a non-root user, it will not have
+correct permission to work.
+
+Signed-off-by: Lu Jingxiao <lujingxiao@huawei.com>
+---
+ constant.go | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/constant.go b/constant.go
+index a0abfc9..30c1653 100644
+--- a/constant.go
+++ b/constant.go
+@@ -51,8 +51,8 @@ const (
+ 	DefaultRootDirMode = 0700
+ 	// DefaultReadOnlyFileMode is the default root read only file mode
+ 	DefaultReadOnlyFileMode = 0444
+-	// DefaultUmask is the working umask in isula-builder
+-	DefaultUmask = 0027
+	// DefaultUmask is the working umask of isula-builder as a process, not for users
+	DefaultUmask = 0022
+ 	// CliLogBufferLen is log channel buffer size
+ 	CliLogBufferLen = 8
+ 	// HostsFilePath is the path of file hosts
+-- 
+2.17.1
+
--- a/series.conf
+++ b/series.conf
@ -12,3 +12,4 @@ patch/0071-imporve-daemon-push-and-pull-unit-test.patch
 patch/0072-fuzz-add-more-fuzz-tests.patch
 patch/0073-cleancode-fix-problems-found-by-code-review.patch
 patch/0074-fix-printing-FROM-command-double-times-to-console.patch
+patch/0075-change-default-umask-of-isula-builder-pr.patch
 @ -1 +1 @@
 .9.4-12
 .9.4-13