diff --git a/go.mod b/go.mod
index 5734e184241..147fe8cbb53 100644
--- a/go.mod
+++ b/go.mod
@@ -18,7 +18,7 @@ require (
 github.com/containernetworking/cni v1.1.2
 github.com/containernetworking/plugins v1.1.1
 github.com/containers/buildah v1.28.1-0.20221029151733-c2cf9fa47ab6
- github.com/containers/common v0.50.2-0.20221104122933-582fadb8228b
+ github.com/containers/common v0.50.2-0.20230510115104-2ba2fd3a37fe
 github.com/containers/conmon v2.0.20+incompatible
 github.com/containers/conmon-rs v0.4.0
 github.com/containers/image/v5 v5.23.1
diff --git a/go.sum b/go.sum
index 8c48fafa2bd..60b00322754 100644
--- a/go.sum
+++ b/go.sum
@@ -597,8 +597,8 @@ github.com/containernetworking/plugins v1.1.1 h1:+AGfFigZ5TiQH00vhR8qPeSatj53eNG github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19sZPp3ry5uHSkI4LPxV8= github.com/containers/buildah v1.28.1-0.20221029151733-c2cf9fa47ab6 h1:6bFoF3QIUzza8NWAsHS1ZGDDEr+r5do46dXEbzkZb3Y= github.com/containers/buildah v1.28.1-0.20221029151733-c2cf9fa47ab6/go.mod h1:skMuWv4FIebpsAFT7fBv2Ll0e0w2j71IUWCIrw9iTV0= -github.com/containers/common v0.50.2-0.20221104122933-582fadb8228b h1:/WN9Tlng1xWqr56U2sOSLM5b1Q8DF2gr87jI+fjEA04= -github.com/containers/common v0.50.2-0.20221104122933-582fadb8228b/go.mod h1:XLXycBIzTc4yNU6VzqCwgjPt9mtibATtOeXKjlCAsCY= +github.com/containers/common v0.50.2-0.20230510115104-2ba2fd3a37fe h1:nCuh1iDeHvPEIMsJe6UOSieFjYwMVL5vmlmpQGH73iQ= +github.com/containers/common v0.50.2-0.20230510115104-2ba2fd3a37fe/go.mod h1:XLXycBIzTc4yNU6VzqCwgjPt9mtibATtOeXKjlCAsCY= github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/conmon-rs v0.4.0 h1:Nl8/xFsc2/dlQUdYi2GTZ+aPCqcedeqnOUld09eiZHc=
diff --git a/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go b/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go index cdece0a1cb4..b751f487724 100644 --- a/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go +++ b/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go @@ -27,9 +27,10 @@ var ( UserOverrideMountsFile = filepath.Join(os.Getenv("HOME"), ".config/containers/mounts.conf") ) -// subscriptionData stores the name of the file and the content read from it +// subscriptionData stores the relative name of the file and the content read from it type subscriptionData struct { - name string + // relPath is the relative path to the file + relPath string data []byte mode os.FileMode dirMode os.FileMode @@ -37,11 +38,16 @@ type subscriptionData struct { // saveTo saves subscription data to given directory func (s subscriptionData) saveTo(dir string) error { - path := filepath.Join(dir, s.name) - if err := os.MkdirAll(filepath.Dir(path), s.dirMode); err != nil { - return err + // We need to join the path here and create all parent directories, only + // creating dir is not good enough as relPath could also contain directories. + path := filepath.Join(dir, s.relPath) + if err := umask.MkdirAllIgnoreUmask(filepath.Dir(path), s.dirMode); err != nil { + return fmt.Errorf("create subscription directory: %w", err) } - return os.WriteFile(path, s.data, s.mode) + if err := umask.WriteFileIgnoreUmask(path, s.data, s.mode); err != nil { + return fmt.Errorf("write subscription data: %w", err) + } + return nil } func readAll(root, prefix string, parentMode os.FileMode) ([]subscriptionData, error) { @@ -94,7 +100,7 @@ func readFileOrDir(root, name string, parentMode os.FileMode) ([]subscriptionDat return nil, err } return []subscriptionData{{ - name: name, + relPath: name, data: bytes, mode: s.Mode(), dirMode: parentMode, 
@@ -242,13 +248,9 @@ func addSubscriptionsFromMountsFile(filePath, mountLabel, containerRunDir string return nil, err } - // Don't let the umask have any influence on the file and directory creation - oldUmask := umask.Set(0) - defer umask.Set(oldUmask) - switch mode := fileInfo.Mode(); { case mode.IsDir(): - if err = os.MkdirAll(ctrDirOrFileOnHost, mode.Perm()); err != nil { + if err = umask.MkdirAllIgnoreUmask(ctrDirOrFileOnHost, mode.Perm()); err != nil { return nil, fmt.Errorf("making container directory: %w", err) } data, err := getHostSubscriptionData(hostDirOrFile, mode.Perm()) @@ -266,10 +268,11 @@ func addSubscriptionsFromMountsFile(filePath, mountLabel, containerRunDir string return nil, err } for _, s := range data { - if err := os.MkdirAll(filepath.Dir(ctrDirOrFileOnHost), s.dirMode); err != nil { - return nil, err + dir := filepath.Dir(ctrDirOrFileOnHost) + if err := umask.MkdirAllIgnoreUmask(dir, s.dirMode); err != nil { + return nil, fmt.Errorf("create container dir: %w", err) } - if err := os.WriteFile(ctrDirOrFileOnHost, s.data, s.mode); err != nil { + if err := umask.WriteFileIgnoreUmask(ctrDirOrFileOnHost, s.data, s.mode); err != nil { return nil, fmt.Errorf("saving data to container filesystem: %w", err) } } diff --git a/vendor/github.com/containers/common/pkg/umask/umask.go b/vendor/github.com/containers/common/pkg/umask/umask.go new file mode 100644 index 00000000000..93f1d2b3c02 --- /dev/null +++ b/vendor/github.com/containers/common/pkg/umask/umask.go 
@@ -0,0 +1,58 @@
+package umask
+
+import (
+ "fmt"
+ "os"
+ "path/filepath"
+)
+
+// MkdirAllIgnoreUmask creates a directory by ignoring the currently set umask.
+func MkdirAllIgnoreUmask(dir string, mode os.FileMode) error {
+ parent := dir
+ dirs := []string{}
+
+ // Find all parent directories which would have been created by MkdirAll
+ for {
+ if _, err := os.Stat(parent); err == nil {
+ break
+ } else if !os.IsNotExist(err) {
+ return fmt.Errorf("cannot stat %s: %w", dir, err)
+ }
+
+ dirs = append(dirs, parent)
+ newParent := filepath.Dir(parent)
+
+ // Only possible if the root paths are not existing, which would be odd
+ if parent == newParent {
+ break
+ }
+
+ parent = newParent
+ }
+
+ if err := os.MkdirAll(dir, mode); err != nil {
+ return fmt.Errorf("create directory %s: %w", dir, err)
+ }
+
+ for _, d := range dirs {
+ if err := os.Chmod(d, mode); err != nil {
+ return fmt.Errorf("chmod directory %s: %w", d, err)
+ }
+ }
+
+ return nil
+}
+
+// WriteFileIgnoreUmask write the provided data to the path by ignoring the
+// currently set umask.
+func WriteFileIgnoreUmask(path string, data []byte, mode os.FileMode) error {
+ if err := os.WriteFile(path, data, mode); err != nil {
+ return fmt.Errorf("write file: %w", err)
+ }
+
+ if err := os.Chmod(path, mode); err != nil {
+ return fmt.Errorf("chmod file: %w", err)
+ }
+
+ return nil
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 95f3ae89a7d..79202f76024 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -571,7 +571,7 @@ github.com/containers/buildah/pkg/rusage github.com/containers/buildah/pkg/sshagent github.com/containers/buildah/pkg/util github.com/containers/buildah/util -# github.com/containers/common v0.50.2-0.20221104122933-582fadb8228b +# github.com/containers/common v0.50.2-0.20230510115104-2ba2fd3a37fe ## explicit; go 1.17 github.com/containers/common/libimage github.com/containers/common/libimage/define