isula-build: change default umask of isula-builder process
Signed-off-by: Lu Jingxiao <lujingxiao@huawei.com>
This commit is contained in:
Lu Jingxiao
parent
90807e5013
commit
e46a9bb5bc
@ -1 +1 @@
|
|||||||
0.9.4-12
|
0.9.4-13
|
||||||
|
|||||||
@ -1 +1 @@
|
|||||||
2c3d247b4b89071ce93669e85c47ac846820c1c6
|
a7020e9811168d5cebb809294adb6445ba134753
|
||||||
|
|||||||
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
Name: isula-build
|
Name: isula-build
|
||||||
Version: 0.9.4
|
Version: 0.9.4
|
||||||
Release: 12
|
Release: 13
|
||||||
Summary: A tool to build container images
|
Summary: A tool to build container images
|
||||||
License: Mulan PSL V2
|
License: Mulan PSL V2
|
||||||
URL: https://gitee.com/openeuler/isula-build
|
URL: https://gitee.com/openeuler/isula-build
|
||||||
@ -85,6 +85,9 @@ fi
|
|||||||
/usr/share/bash-completion/completions/isula-build
|
/usr/share/bash-completion/completions/isula-build
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Dec 11 2020 lujingxiao <lujingxiao@huawei.com> - 0.9.4-12
|
||||||
|
- Change default umask of isula-builder process
|
||||||
|
|
||||||
* Tue Dec 08 2020 caihaomin<caihaomin@huawei.com> - 0.9.4-12
|
* Tue Dec 08 2020 caihaomin<caihaomin@huawei.com> - 0.9.4-12
|
||||||
- Fix printing FROM command double times to console
|
- Fix printing FROM command double times to console
|
||||||
|
|
||||||
|
|||||||
37
patch/0075-change-default-umask-of-isula-builder-pr.patch
Normal file
37
patch/0075-change-default-umask-of-isula-builder-pr.patch
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
From c9aa2a92e06d32dada0029fbf9154f23afbf506b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Lu Jingxiao <lujingxiao@huawei.com>
|
||||||
|
Date: Fri, 11 Dec 2020 10:53:36 +0800
|
||||||
|
Subject: [PATCH] isula-build: change default umask of isula-builder process
|
||||||
|
|
||||||
|
As the daemon process, the working umask 0027 is not suitable.
|
||||||
|
0022 is better.
|
||||||
|
|
||||||
|
Take this example:
|
||||||
|
isula-builder using 0027, the working dir of container for RUN command
|
||||||
|
(overlay/merged dir, as an example), has the 0640. Then developer changes
|
||||||
|
working user in RUN command to a non-root user, it will not have
|
||||||
|
correct permission to work.
|
||||||
|
|
||||||
|
Signed-off-by: Lu Jingxiao <lujingxiao@huawei.com>
|
||||||
|
---
|
||||||
|
constant.go | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/constant.go b/constant.go
|
||||||
|
index a0abfc9..30c1653 100644
|
||||||
|
--- a/constant.go
|
||||||
|
+++ b/constant.go
|
||||||
|
@@ -51,8 +51,8 @@ const (
|
||||||
|
DefaultRootDirMode = 0700
|
||||||
|
// DefaultReadOnlyFileMode is the default root read only file mode
|
||||||
|
DefaultReadOnlyFileMode = 0444
|
||||||
|
- // DefaultUmask is the working umask in isula-builder
|
||||||
|
- DefaultUmask = 0027
|
||||||
|
+ // DefaultUmask is the working umask of isula-builder as a process, not for users
|
||||||
|
+ DefaultUmask = 0022
|
||||||
|
// CliLogBufferLen is log channel buffer size
|
||||||
|
CliLogBufferLen = 8
|
||||||
|
// HostsFilePath is the path of file hosts
|
||||||
|
--
|
||||||
|
2.17.1
|
||||||
|
|
||||||
@ -12,3 +12,4 @@ patch/0071-imporve-daemon-push-and-pull-unit-test.patch
|
|||||||
patch/0072-fuzz-add-more-fuzz-tests.patch
|
patch/0072-fuzz-add-more-fuzz-tests.patch
|
||||||
patch/0073-cleancode-fix-problems-found-by-code-review.patch
|
patch/0073-cleancode-fix-problems-found-by-code-review.patch
|
||||||
patch/0074-fix-printing-FROM-command-double-times-to-console.patch
|
patch/0074-fix-printing-FROM-command-double-times-to-console.patch
|
||||||
|
patch/0075-change-default-umask-of-isula-builder-pr.patch
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user