From 22613294ae751f47409cfac03a7fd28cf9222031 Mon Sep 17 00:00:00 2001
From: LiFeng <lifeng68@huawei.com>
Date: Fri, 28 Feb 2020 22:59:05 -0500
Subject: [PATCH 140/140] lxc: remove umask when populate devices
Signed-off-by: LiFeng <lifeng68@huawei.com>
---
src/lxc/conf.c | 38 ++++++++++++++++++++++++++------------
1 file changed, 26 insertions(+), 12 deletions(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index b66e7bc..65b33ea 100644
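--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -4008,23 +4008,28 @@ static int setup_populate_devs(const struct lxc_rootfs *rootfs, struct lxc_list
 mode_t file_mode = 0;
 struct lxc_populate_devs *dev_elem = NULL;
 struct lxc_list *it = NULL;
+ mode_t cur_mask;
 
 INFO("Populating devices into container");
+ cur_mask = umask(0000);
 lxc_list_for_each(it, devs) {
 dev_elem = it->elem;
 
 ret = snprintf(path, MAXPATHLEN, "%s/%s", rootfs->path ? rootfs->mount : "", dev_elem->name);
- if (ret < 0 || ret >= MAXPATHLEN)
- return -1;
+ if (ret < 0 || ret >= MAXPATHLEN) {
+ ret = -1;
+ goto reset_umask;
+ }
 
 /* create any missing directories */
 pathdirname = safe_strdup(path);
 pathdirname = dirname(pathdirname);
- ret = mkdir_p(pathdirname, 0750);
+ ret = mkdir_p(pathdirname, 0755);
 free(pathdirname);
 if (ret < 0) {
 WARN("Failed to create target directory");
- return -1;
+ ret = -1;
+ goto reset_umask;
 }
 
 if (!strcmp(dev_elem->type, "c")) {
@@ -4033,7 +4038,8 @@ static int setup_populate_devs(const struct lxc_rootfs *rootfs, struct lxc_list
 file_mode = dev_elem->file_mode | S_IFBLK;
 } else {
 ERROR("Failed to parse devices type '%s'", dev_elem->type);
- return -1;
+ ret = -1;
+ goto reset_umask;
 }
 
 DEBUG("Try to mknod '%s':'%d':'%d':'%d'\n", path,
@@ -4045,34 +4051,42 @@ static int setup_populate_devs(const struct lxc_rootfs *rootfs, struct lxc_list
 file_mode, dev_elem->maj, dev_elem->min);
 
 char hostpath[MAXPATHLEN];
- FILE *pathfile;
+ FILE *pathfile = NULL;
 
 // Unprivileged containers cannot create devices, so
 // try to bind mount the device from the host
 ret = snprintf(hostpath, MAXPATHLEN, "/dev/%s", dev_elem->name);
- if (ret < 0 || ret >= MAXPATHLEN)
- return -1;
+ if (ret < 0 || ret >= MAXPATHLEN) {
+ ret = -1;
+ goto reset_umask;
+ }
 pathfile = lxc_fopen(path, "wb");
 if (!pathfile) {
 SYSERROR("Failed to create device mount target '%s'", path);
- return -1;
+ ret = -1;
+ goto reset_umask;
 }
 fclose(pathfile);
 if (safe_mount(hostpath, path, 0, MS_BIND, NULL,
 rootfs->path ? rootfs->mount : NULL) != 0) {
 SYSERROR("Failed bind mounting device %s from host into container",
 dev_elem->name);
- return -1;
+ ret = -1;
+ goto reset_umask;
 }
 }
 if (chown(path, dev_elem->uid, dev_elem->gid) < 0) {
 ERROR("Error chowning %s", path);
- return -1;
+ ret = -1;
+ goto reset_umask;
 }
 }
 
+reset_umask:
+ (void)umask(cur_mask);
+
 INFO("Populated devices into container /dev");
- return 0;
+ return ret;
 }
 
 // isulad: setup rootfs mountopts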
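Review bot: The success path now returns whatever `ret` last held instead of 0: in the third hunk `ret` receives the positive length from `snprintf(hostpath, ...)` and nothing visible resets it before `return ret;`, so a run whose last device takes the bind-mount fallback would return a non-zero value where the old code returned 0. Adding `ret = 0;` immediately before the `reset_umask:` label restores the previous contract. The label also sits above `INFO("Populated devices into container /dev")`, so that message is now logged on every failure path as well. Separately, with the umask cleared, the `lxc_fopen(path, "wb")` placeholder is presumably created with mode 0666 and would stay that way if `safe_mount` then fails, so it is worth creating that target with an explicit restrictive mode. The declaration of `ret` and the mknod call lie outside the visible hunks, so confirm both against the full function.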
--
1.8.3.1