mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
moby--moby/pkg/system
John Howard b4db78be5a LCOW: Add SIDs to layer.vhd at creation
Signed-off-by: John Howard <jhoward@microsoft.com>

Some permissions corrections here. Also needs re-vendor of go-winio.

 - Create the layer folder directory as standard, not with SDDL. It will inherit permissions from the data-root correctly.
 - Apply the VM Group SID access to layer.vhd

Permissions after this change:

Data root:

```
PS C:\> icacls test
test BUILTIN\Administrators:(OI)(CI)(F)
     NT AUTHORITY\SYSTEM:(OI)(CI)(F)
```

lcow subdirectory under dataroot:
```
PS C:\> icacls test\lcow
test\lcow BUILTIN\Administrators:(I)(OI)(CI)(F)
          NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
```

layer.vhd in a layer folder for LCOW:
```
.\test\lcow\c33923d21c9621fea2f990a8778f469ecdbdc57fd9ca682565d1fa86fadd5d95\layer.vhd NT VIRTUAL MACHINE\Virtual Machines:(R)
                                                                                       BUILTIN\Administrators:(I)(F)
                                                                                       NT AUTHORITY\SYSTEM:(I)(F)
```

And showing working

```
PS C:\> docker-ci-zap -folder=c:\test
INFO: Zapped successfully
PS C:\> docker run --rm alpine echo hello
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
8e402f1a9c57: Pull complete
Digest: sha256:644fcb1a676b5165371437feaa922943aaf7afcfa8bfee4472f6860aad1ef2a0
Status: Downloaded newer image for alpine:latest
hello
```
2019-03-21 13:12:17 -07:00
args_windows.go Windows: (WCOW) Generate OCI spec that remote runtime can escape 2019-03-12 18:41:55 -07:00
chtimes.go
chtimes_test.go
chtimes_unix.go
chtimes_unix_test.go
chtimes_windows.go
chtimes_windows_test.go
errors.go
exitcode.go
filesys.go
filesys_windows.go LCOW: Add SIDs to layer.vhd at creation 2019-03-21 13:12:17 -07:00
init.go
init_unix.go
init_windows.go
lcow.go
lcow_unix.go
lcow_windows.go
lstat_unix.go
lstat_unix_test.go
lstat_windows.go
meminfo.go
meminfo_linux.go
meminfo_unix_test.go
meminfo_unsupported.go
meminfo_windows.go
mknod.go
mknod_windows.go
path.go
path_unix.go
path_windows.go
path_windows_test.go
process_unix.go
process_windows.go
rm.go
rm_test.go
stat_darwin.go
stat_freebsd.go
stat_linux.go
stat_openbsd.go
stat_solaris.go
stat_unix.go
stat_unix_test.go
stat_windows.go
syscall_unix.go
syscall_windows.go
syscall_windows_test.go
umask.go
umask_windows.go
utimes_freebsd.go
utimes_linux.go
utimes_unix_test.go
utimes_unsupported.go
xattrs_linux.go
xattrs_unsupported.go