Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

squashfs: Correct root dir permissions consistency by using a subdirectoy #267

Merged
merged 2 commits into from
Aug 10, 2023

Conversation

rafiyr
Copy link
Contributor

@rafiyr rafiyr commented May 12, 2023

mkdtemp always creates directories with 0700. Using a subdirectory keeps the image root directory more consistent with the permissions for all other directories created in the image.

Adding an extra level may seem a bit hacky, but it avoids breaking the safety semantics of locking down temp dirs and avoids having to add more logic to figure out what permissions adjustments to make after creating the temp dir.

mksquashfs preserves the permissions and ownership of the staging dir. By default squashfuse ignores the access limitations, However, that is optional for squashfuse and by default the kernel driver will also respect the embedded permissions.

@rafiyr rafiyr requested review from a team and xhochy as code owners May 12, 2023 15:38
@conda-bot conda-bot added the cla-signed [bot] added once the contributor has signed the CLA label May 12, 2023
@jezdez jezdez force-pushed the squashfs_root_permissions branch from 747c287 to 1790fab Compare June 6, 2023 08:06
mkdtemp always creates directories with 0700.  Using a subdirectory
keeps the image root directory more consistent with the permissions for
all other directories created in the image.
@rafiyr rafiyr force-pushed the squashfs_root_permissions branch from 1790fab to c8d3b52 Compare July 14, 2023 18:34
@xhochy xhochy changed the title Correct root dir permissions consistency. squashfs: Correct root dir permissions consistency by using a subdirectoy Aug 10, 2023
@xhochy xhochy merged commit 9377fba into conda:main Aug 10, 2023
@github-actions github-actions bot added the locked [bot] locked due to inactivity label Aug 10, 2024
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 10, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
cla-signed [bot] added once the contributor has signed the CLA locked [bot] locked due to inactivity
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

3 participants