Fix tmpfs mode opts when dir already exists #3912
Merged
thaJeztah merged 1 commit into opencontainers:main from Jun 28, 2023
689e0cd to 3791820
kolyshkin
reviewed
Jun 26, 2023
Contributor
LGTM overall. I've checked the test fails before the fix, and changed it slightly so that if it fails we see what the stat output is (and simplified it a bit).

```bash
@test "runc run with tmpfs perms" {
	# shellcheck disable=SC2016
	update_config '.process.args = ["sh", "-c", "stat -c %a /tmp/test"]'
	update_config '.mounts += [{"destination": "/tmp/test", "type": "tmpfs", "source": "tmpfs", "options": ["mode=0444"]}]'

	# Directory is to be created by runc.
	runc run test_tmpfs
	[ "$status" -eq 0 ]
	[ "$output" = "444" ]

	# Run a 2nd time with the pre-existing directory.
	# Ref: https://github.com/opencontainers/runc/issues/3911
	runc run test_tmpfs
	[ "$status" -eq 0 ]
	[ "$output" = "444" ]

	# Existing directory, custom perms, no mode on the mount,
	# so it should use the directory's perms.
	update_config '.mounts[-1].options = []'
	chmod 0710 rootfs/tmp/test
	# shellcheck disable=SC2016
	runc run test_tmpfs
	[ "$status" -eq 0 ]
	[ "$output" = "710" ]

	# Add back the mode on the mount, and it should use that instead.
	# Just for fun, use different perms than was used earlier.
	# shellcheck disable=SC2016
	update_config '.mounts[-1].options = ["mode=0410"]'
	runc run test_tmpfs
	[ "$status" -eq 0 ]
	[ "$output" = "410" ]
}
```
When a directory already exists (or after a container is restarted) the perms of the directory being mounted to were being used even when a different permission is set on the tmpfs mount options.

This prepends the original directory perms to the mount options. If the perms were already set in the mount opts then those perms will win.

This eliminates the need to perform a chmod after mount entirely.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
kolyshkin
approved these changes
Jun 27, 2023
Contributor
kolyshkin
left a comment
LGTM, thanks.
We should backport this to 1.1
Contributor
@opencontainers/runc-maintainers PTAL
thaJeztah
approved these changes
Jun 28, 2023
Member
thaJeztah
left a comment
oh! thought I already reviewed this one, but I guess we only discussed it and I forgot.
LGTM, thanks!
When a directory already exists (or after a container is restarted) the perms of the directory being mounted to were being used even when a different permission is set on the tmpfs mount options.
This prepends the original directory perms to the mount options. If the perms were already set in the mount opts then those perms will win.
This eliminates the need to perform a chmod after mount entirely.
Fixes #3911
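
The option ordering described above, as an added Go example that is not runc's own code: the existing directory's mode goes first in the tmpfs data string, so an explicit `mode=` supplied later overrides it. `unixMode`, `prependDirMode` and `effectiveMode` are hypothetical names, and `effectiveMode` only models the "mount opts win" behaviour the description states; the inputs are constructed.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
)

// unixMode keeps setuid/setgid/sticky, which FileMode.Perm() drops (e.g. 1777).
func unixMode(m os.FileMode) uint32 {
	bits := uint32(m.Perm())
	for flag, bit := range map[os.FileMode]uint32{
		os.ModeSetuid: 0o4000, os.ModeSetgid: 0o2000, os.ModeSticky: 0o1000,
	} {
		if m&flag != 0 {
			bits |= bit
		}
	}
	return bits
}

// prependDirMode (hypothetical helper) puts the existing directory's mode
// first in the tmpfs data string, so an explicit mode= later in it wins.
func prependDirMode(dirMode os.FileMode, data string) string {
	opt := fmt.Sprintf("mode=%04o", unixMode(dirMode))
	if data != "" {
		opt += "," + data
	}
	return opt
}

// effectiveMode models last-one-wins parsing of repeated mode= options.
func effectiveMode(data string) (mode uint32, found bool) {
	for _, o := range strings.Split(data, ",") {
		n, err := strconv.ParseUint(strings.TrimPrefix(o, "mode="), 8, 32)
		if strings.HasPrefix(o, "mode=") && err == nil {
			mode, found = uint32(n), true
		}
	}
	return mode, found
}

func main() {
	for _, data := range []string{"", "mode=0410", "size=64k"} { // constructed inputs
		full := prependDirMode(os.ModeDir|0o710, data)
		m, _ := effectiveMode(full)
		fmt.Printf("%q -> %q (effective %04o)\n", data, full, m)
	}
}
```

The three inputs mirror the test in this thread: with no `mode=` option the directory's 0710 is used, and with `mode=0410` the mount option wins.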