Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix some file mode bits missing when doing mount syscall #3956

Merged
merged 2 commits into from
Aug 3, 2023
Merged

Fix some file mode bits missing when doing mount syscall #3956

merged 2 commits into from
Aug 3, 2023

Conversation

lifubang
Copy link
Member

@lifubang lifubang commented Aug 2, 2023
edited by thaJeztah
Loading

Fix #3952

When we call unix.Mount, if we use file mode bits from the bits with the type fs.FileMode directly, it will cause some bits missing.

Please refer: https://github.com/golang/go/blob/83c4e533bcf71d86437a5aa9ffc9b5373208628c/src/os/file.go#L258-L265

@lifubang lifubang requested a review from kolyshkin August 2, 2023 04:04
@lifubang
Copy link
Member Author

lifubang commented Aug 2, 2023

More details: https://www.gnu.org/software/coreutils/manual/html_node/Mode-Structure.html

cyphar
cyphar reviewed Aug 2, 2023
View reviewed changes
tests/integration/run.bats Outdated Show resolved Hide resolved
cyphar
cyphar approved these changes Aug 2, 2023
View reviewed changes
Copy link
Member

@cyphar cyphar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

cyphar
cyphar reviewed Aug 2, 2023
View reviewed changes
libcontainer/mount_linux.go Outdated
"strconv"
"syscall"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(Nit: I prefer using unix for everything but it doesn't really matter.)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same -- I think with Go2 there will be no syscall and we'll have to switch to x/sys/unix anyway, so better do it now.

kolyshkin
kolyshkin reviewed Aug 2, 2023
View reviewed changes
libcontainer/mount_linux.go Outdated
@@ -103,3 +105,19 @@ func unmount(target string, flags int) error {
}
return nil
}

// SyscallMode returns the syscall-specific mode bits from Go's portable mode bits.
func SyscallMode(i fs.FileMode) (o uint32) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, golang stdlib does the same conversion in archive/tar and archive/zip.

kolyshkin
kolyshkin reviewed Aug 2, 2023
View reviewed changes
libcontainer/mount_linux.go Outdated
Comment on lines 109 to 110
// SyscallMode returns the syscall-specific mode bits from Go's portable mode bits.
func SyscallMode(i fs.FileMode) (o uint32) {
// syscallMode returns the syscall-specific mode bits from Go's portable mode bits.
func syscallMode(i fs.FileMode) (o uint32) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you merge this hunk into the first commit?

kolyshkin
kolyshkin reviewed Aug 2, 2023
View reviewed changes
libcontainer/rootfs_linux.go Outdated
dt := fmt.Sprintf("mode=%04o", SyscallMode(stat.Mode()))
dt := fmt.Sprintf("mode=%04o", syscallMode(stat.Mode()))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same

kolyshkin
kolyshkin reviewed Aug 2, 2023
View reviewed changes
tests/integration/run.bats
@@ -77,6 +77,21 @@ function teardown() {
[[ "${lines[0]}" == *'mydomainname'* ]]
}

@test "runc run with tmpfs" {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: maybe add a link to issue, e.g.

# https://github.com/opencontainers/runc/issues/3952
@test "runc run with tmpfs" {
...

@kolyshkin kolyshkin added the backport/1.1-todo A PR in main branch which needs to be backported to release-1.1 label Aug 2, 2023
@lifubang
fix some file mode bits missing when doing mount syscall
6092a4b 
Signed-off-by: lifubang <lifubang@acmcoder.com>
@lifubang
add a test case about missing stricky bit
83137c6 
Signed-off-by: lifubang <lifubang@acmcoder.com>
kolyshkin
kolyshkin approved these changes Aug 3, 2023
View reviewed changes
Copy link
Contributor

@kolyshkin kolyshkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@kolyshkin kolyshkin merged commit 534fa8e into opencontainers:main Aug 3, 2023
@lifubang lifubang mentioned this pull request Aug 3, 2023
Merged
@lifubang lifubang added the backport/1.1-done A PR in main branch which has been backported to release-1.1 label Aug 3, 2023
@kolyshkin kolyshkin removed the backport/1.1-todo A PR in main branch which needs to be backported to release-1.1 label Aug 3, 2023
kolyshkin referenced this pull request Aug 10, 2023
@cpuguy83
Fix tmpfs mode opts when dir already exists
9fa8b9d 
When a directory already exists (or after a container is restarted) the
perms of the directory being mounted to were being used even when a
different permission is set on the tmpfs mount options.

This prepends the original directory perms to the mount options.
If the perms were already set in the mount opts then those perms will
win.
This eliminates the need to perform a chmod after mount entirely.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
@lifubang lifubang mentioned this pull request Sep 10, 2023
Merged
@lifubang lifubang deleted the fix-ModeSticky branch October 15, 2024 05:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cyphar cyphar cyphar approved these changes

@kolyshkin kolyshkin kolyshkin approved these changes

Assignees
No one assigned
Labels
backport/1.1-done A PR in main branch which has been backported to release-1.1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[v1.1.8 regression] Sticky bit on container tmpfs no longer set
3 participants
@lifubang @cyphar @kolyshkin