authorLantao Liu <lantaol@google.com>2018-06-26 13:39:07 -0700
committerShentubot <shentubot@google.com>2018-06-26 13:40:04 -0700
commit000fd8d1e4530b4063eead26dda4843ff0d71cbd (patch)
tree1c41986261d239b3cf247cb50fe8c044a1cb5553
parentea10949a0036cdef95a1397ccad8fcc138ce3c0d (diff)
runsc: set gofer umask to 0.
PiperOrigin-RevId: 202185642 Change-Id: I2eefcc0b2ffadc6ef21d177a8a4ab0cda91f3399
-rw-r--r--runsc/boot/loader.go10
-rw-r--r--runsc/cmd/boot.go7
-rw-r--r--runsc/cmd/gofer.go5
3 files changed, 16 insertions, 6 deletions
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index 7097f220b..69b982ff8 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -23,7 +23,6 @@ import (
"runtime"
"sync"
"sync/atomic"
- "syscall"
gtime "time"
specs "github.com/opencontainers/runtime-spec/specs-go"
@@ -270,7 +269,7 @@ func newProcess(spec *specs.Spec, conf *Config, ioFDs []int, console bool, creds
Envv: spec.Process.Env,
WorkingDirectory: spec.Process.Cwd,
Credentials: creds,
- Umask: 0,
+ Umask: 0022,
Limits: ls,
MaxSymlinkTraversals: linux.MaxSymlinkTraversals,
UTSNamespace: utsns,
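Review bot: The new default `Umask: 0022` is an unexplained literal here, and it is repeated in the `rootProcArgs` literal in the next hunk of this file, where the old comment about the sentry umask was removed without a replacement. With this commit the gofer (and the sentry under `--file-access=direct`) run with a host umask of 0, so this value becomes the only mask applied to files the container creates by default. A named constant with a comment would document that, e.g. `const defaultUmask = 0022 // applied inside the sandbox; host-side gofer/sentry use umask 0`. The struct literal in `newProcess` starts and ends outside the hunk.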
@@ -296,10 +295,9 @@ func newProcess(spec *specs.Spec, conf *Config, ioFDs []int, console bool, creds
// Use root user to configure mounts. The current user might not have
// permission to do so.
rootProcArgs := kernel.CreateProcessArgs{
- WorkingDirectory: "/",
- Credentials: auth.NewRootCredentials(creds.UserNamespace),
- // The sentry should run with a umask of 0.
- Umask: uint(syscall.Umask(0)),
+ WorkingDirectory: "/",
+ Credentials: auth.NewRootCredentials(creds.UserNamespace),
+ Umask: 0022,
MaxSymlinkTraversals: linux.MaxSymlinkTraversals,
}
rootCtx := rootProcArgs.NewContext(k)
diff --git a/runsc/cmd/boot.go b/runsc/cmd/boot.go
index 86f597c09..0d0e6b63f 100644
--- a/runsc/cmd/boot.go
+++ b/runsc/cmd/boot.go
@@ -107,6 +107,13 @@ func (b *Boot) Execute(_ context.Context, f *flag.FlagSet, args ...interface{})
conf := args[0].(*boot.Config)
waitStatus := args[1].(*syscall.WaitStatus)
+ // sentry should run with a umask of 0 when --file-access=direct, because we want
+ // to preserve file modes exactly as set by the sentry, which will have applied
+ // its own umask.
+ if conf.FileAccess == boot.FileAccessDirect {
+ syscall.Umask(0)
+ }
+
if b.applyCaps {
caps := spec.Process.Capabilities
if conf.Platform == boot.PlatformPtrace {
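Review bot: `syscall.Umask(0)` is process-wide and stays in effect for the rest of the process, so it also governs any host file the sentry creates for itself, not only files created on behalf of the sandboxed application. The same holds for the unconditional call added in `runsc/cmd/gofer.go`. Those creation sites are not visible in these hunks, so it is worth confirming that every internal open (logs, debug output, sockets) passes an explicit restrictive mode. The comment could record this, e.g. `// NOTE: umask 0 is process-wide; host files created by runsc itself must pass an explicit mode.` `Execute` continues outside the hunk.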
diff --git a/runsc/cmd/gofer.go b/runsc/cmd/gofer.go
index c0b747737..8e1060a35 100644
--- a/runsc/cmd/gofer.go
+++ b/runsc/cmd/gofer.go
@@ -17,6 +17,7 @@ package cmd
import (
"os"
"sync"
+ "syscall"
"context"
"flag"
@@ -66,6 +67,10 @@ func (g *Gofer) Execute(_ context.Context, f *flag.FlagSet, args ...interface{})
return subcommands.ExitUsageError
}
+ // fsgofer should run with a umask of 0, because we want to preserve file
+ // modes exactly as sent by the sandbox, which will have applied its own umask.
+ syscall.Umask(0)
+
spec, err := specutils.ReadSpec(g.bundleDir)
if err != nil {
Fatalf("error reading spec: %v", err)