github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-06-26 15:32:30 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #10982 from zvonkok/fix-zvonkos-fix

Browse Source 
agent: fix permisssion according to runc
This commit is contained in:
Zvonko Kaiser 2025-03-05 15:08:48 -05:00 committed by GitHub
commit ae63bbb824
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/agent/rustjail/src/mount.rs
View File

@ -18,12 +18,13 @@ use std::collections::{HashMap, HashSet};
use std::fs::{self, OpenOptions};
use std::mem::MaybeUninit;
use std::os::unix;
use std::os::unix::fs::PermissionsExt;
use std::os::unix::io::RawFd;
use std::path::{Component, Path, PathBuf};
use path_absolutize::*;
use std::fs::File;
use std::io::{BufRead, BufReader};
use std::io::{BufRead, BufReader, ErrorKind};
use crate::container::DEFAULT_DEVICES;
use crate::selinux;
@ -1010,18 +1011,24 @@ lazy_static! {
};
}
fn permissions_from_path(path: &Path) -> Result<u32> {
match fs::metadata(path) {
Ok(metadata) => Ok(metadata.permissions().mode()),
Err(e) if e.kind() == ErrorKind::NotFound => Ok(0),
Err(e) => Err(e.into()),
}
}
fn mknod_dev(dev: &LinuxDevice, relpath: &Path) -> Result<()> {
let f = match LINUXDEVICETYPE.get(dev.typ().as_str()) {
Some(v) => v,
None => return Err(anyhow!("invalid spec".to_string())),
};
let file_mode = dev
.file_mode()
// drop the mode if it is 0
.filter(|&m| m != 0)
// fall back to 0o666
.unwrap_or(0o666);
let file_mode = match dev.file_mode().unwrap_or(0) {
0 => permissions_from_path(Path::new(dev.path()))?,
x => x,
};
stat::mknod(
relpath,