Vendor update container/storage

overlay: propagate errors from mountProgram
utils: root in a userns uses global conf file
Fix handling of additional stores
Correctly check permissions on rootless directory
Fix possible integer overflow on 32bit builds
Evaluate device path for lvm
lockfile test: make concurrent RW test deterministic
lockfile test: make concurrent read tests deterministic

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Daniel J Walsh
2019-04-24 20:30:58 -04:00
parent 2829f7da9e
commit 65e6449c95
6 changed files with 44 additions and 16 deletions


@@ -74,7 +74,7 @@ func GetRootlessRuntimeDir(rootlessUid int) (string, error) {
if runtimeDir == "" {
tmpDir := fmt.Sprintf("/run/user/%d", rootlessUid)
st, err := system.Stat(tmpDir)
if err == nil && int(st.UID()) == os.Getuid() && st.Mode() == 0700 {
if err == nil && int(st.UID()) == os.Getuid() && st.Mode()&0700 == 0700 && st.Mode()&0066 == 0000 {
return tmpDir, nil
}
}
@@ -182,14 +182,14 @@ func DefaultStoreOptions(rootless bool, rootlessUid int) (StoreOptions, error) {
err error
)
storageOpts := defaultStoreOptions
if rootless {
if rootless && rootlessUid != 0 {
storageOpts, err = getRootlessStorageOpts(rootlessUid)
if err != nil {
return storageOpts, err
}
}
storageConf, err := DefaultConfigFile(rootless)
storageConf, err := DefaultConfigFile(rootless && rootlessUid != 0)
if err != nil {
return storageOpts, err
}
@@ -204,7 +204,7 @@ func DefaultStoreOptions(rootless bool, rootlessUid int) (StoreOptions, error) {
return storageOpts, errors.Wrapf(err, "cannot stat %s", storageConf)
}
if rootless {
if rootless && rootlessUid != 0 {
if err == nil {
// If the file did not specify a graphroot or runroot,
// set sane defaults so we don't try and use root-owned