mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Merge pull request #21242 from cyphar/fix-userns-permissions
daemon: use 0711 for /var/lib/docker
This commit is contained in:
commit
45b2a57d1c
1 changed files with 4 additions and 4 deletions
|
@ -870,7 +870,7 @@ func setupRemappedRoot(config *Config) ([]idtools.IDMap, []idtools.IDMap, error)
|
||||||
|
|
||||||
func setupDaemonRoot(config *Config, rootDir string, rootUID, rootGID int) error {
|
func setupDaemonRoot(config *Config, rootDir string, rootUID, rootGID int) error {
|
||||||
config.Root = rootDir
|
config.Root = rootDir
|
||||||
// the docker root metadata directory needs to have execute permissions for all users (o+x)
|
// the docker root metadata directory needs to have execute permissions for all users (g+x,o+x)
|
||||||
// so that syscalls executing as non-root, operating on subdirectories of the graph root
|
// so that syscalls executing as non-root, operating on subdirectories of the graph root
|
||||||
// (e.g. mounted layers of a container) can traverse this path.
|
// (e.g. mounted layers of a container) can traverse this path.
|
||||||
// The user namespace support will create subdirectories for the remapped root host uid:gid
|
// The user namespace support will create subdirectories for the remapped root host uid:gid
|
||||||
|
@ -878,12 +878,12 @@ func setupDaemonRoot(config *Config, rootDir string, rootUID, rootGID int) error
|
||||||
// layer content subtrees.
|
// layer content subtrees.
|
||||||
if _, err := os.Stat(rootDir); err == nil {
|
if _, err := os.Stat(rootDir); err == nil {
|
||||||
// root current exists; verify the access bits are correct by setting them
|
// root current exists; verify the access bits are correct by setting them
|
||||||
if err = os.Chmod(rootDir, 0701); err != nil {
|
if err = os.Chmod(rootDir, 0711); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
} else if os.IsNotExist(err) {
|
} else if os.IsNotExist(err) {
|
||||||
// no root exists yet, create it 0701 with root:root ownership
|
// no root exists yet, create it 0711 with root:root ownership
|
||||||
if err := os.MkdirAll(rootDir, 0701); err != nil {
|
if err := os.MkdirAll(rootDir, 0711); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue