github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-04 11:06:21 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #2598 from c3d/backport/2589-virtiofsd-perms-perms

Browse Source 
stable-2.2 | virtiofs: Create shared directory with 0700 mode, not 0750
This commit is contained in:
Fabiano Fidêncio 2021-09-24 09:16:59 +02:00 committed by GitHub
commit e58fabfc20
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/runtime/virtcontainers/kata_agent.go
View File

@ -68,6 +68,9 @@ const (
kernelParamDebugConsole = "agent.debug_console"
kernelParamDebugConsoleVPort = "agent.debug_console_vport"
kernelParamDebugConsoleVPortValue = "1026"
// Restricted permission for shared directory managed by virtiofs
sharedDirMode = os.FileMode(0700) | os.ModeDir
)
var (
@ -516,7 +519,7 @@ func (k *kataAgent) setupSharedPath(ctx context.Context, sandbox *Sandbox) (err
// create shared path structure
sharePath := getSharePath(sandbox.id)
mountPath := getMountPath(sandbox.id)
if err := os.MkdirAll(sharePath, DirMode); err != nil {
if err := os.MkdirAll(sharePath, sharedDirMode); err != nil {
return err
}
if err := os.MkdirAll(mountPath, DirMode); err != nil {