Merge pull request #2102 from devimc/topic/virtcontainers/fcFixSocketPerm

virtcontainers: change firecracker socket permissions
2025-08-11 21:02:34 +00:00 · 2019-10-04 09:26:50 -05:00 · 2019-10-04 09:26:50 -05:00 · 2591a1fb65
commit 2591a1fb65
parent ba3d4f77fe 8f6b0a6a41
1 changed files with 5 additions and 0 deletions
--- a/virtcontainers/fc.go
+++ b/virtcontainers/fc.go
@ -618,6 +618,11 @@ func (fc *firecracker) fcStartVM() error {
 		return err
 	}

+	// make sure 'others' don't have access to this socket
+	if err := os.Chmod(filepath.Join(fc.jailerRoot, defaultHybridVSocketName), 0640); err != nil {
+		return fmt.Errorf("Could not change socket permissions: %v", err)
+	}
+
 	fc.state.set(vmReady)
 	return nil
 }