github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-06-28 16:27:50 +00:00
Code Issues Projects Releases Wiki Activity

virtcontainers: change firecracker socket permissions

Browse Source 
For security reasons, let's make sure 'others' don't have access to the
firecracker hybrid vsock

fixes #2101

Signed-off-by: Julio Montes <julio.montes@intel.com>
This commit is contained in:
Julio Montes 2019-10-03 21:23:19 +00:00
parent 46d1957e0f
commit 8f6b0a6a41
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
virtcontainers/fc.go
View File

@ -599,6 +599,11 @@ func (fc *firecracker) fcStartVM() error {
return err return err
} }
// make sure 'others' don't have access to this socket
if err := os.Chmod(filepath.Join(fc.jailerRoot, defaultHybridVSocketName), 0640); err != nil {
return fmt.Errorf("Could not change socket permissions: %v", err)
}
fc.state.set(vmReady) fc.state.set(vmReady)
return nil return nil
} }