The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/4439

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>
From ca41760d50d41f0875df1840743a6f9fd0f9ab5a Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brau...@ubuntu.com>
Date: Tue, 10 Apr 2018 14:52:48 +0200
Subject: [PATCH 1/5] storage: createContainerMountpoint() fix perms

s/0755/0711/g

Closes #4433.

Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>
---
 lxd/storage.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lxd/storage.go b/lxd/storage.go
index 5f9f7088f4..f718027e03 100644
--- a/lxd/storage.go
+++ b/lxd/storage.go
@@ -585,7 +585,7 @@ func createContainerMountpoint(mountPoint string, 
mountPointSymlink string, priv
        if privileged {
                mode = 0700
        } else {
-               mode = 0755
+               mode = 0711
        }
 
        mntPointSymlinkExist := shared.PathExists(mountPointSymlink)
@@ -593,7 +593,7 @@ func createContainerMountpoint(mountPoint string, 
mountPointSymlink string, priv
 
        var err error
        if !mntPointSymlinkTargetExist {
-               err = os.MkdirAll(mountPoint, 0755)
+               err = os.MkdirAll(mountPoint, 0711)
                if err != nil {
                        return err
                }

From 3605dcbf3d418fe3c5b91c97cbbde4e306cdf030 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brau...@ubuntu.com>
Date: Tue, 10 Apr 2018 14:53:38 +0200
Subject: [PATCH 2/5] ceph: s/0755/0711/g

Closes #4433.

Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>
---
 lxd/storage_ceph.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lxd/storage_ceph.go b/lxd/storage_ceph.go
index 4bd9832ec8..1839c0867c 100644
--- a/lxd/storage_ceph.go
+++ b/lxd/storage_ceph.go
@@ -1096,15 +1096,15 @@ func (s *storageCeph) 
ContainerCreateFromImage(container container, fingerprint
                }
                logger.Debugf(`Shifted rootfs for container "%s"`, 
containerName)
 
-               err = os.Chmod(containerPoolVolumeMntPoint, 0755)
+               err = os.Chmod(containerPoolVolumeMntPoint, 0711)
                if err != nil {
                        logger.Errorf(`Failed change mountpoint "%s" `+
-                               `permissions to 0755 for container "%s" for `+
+                               `permissions to 0711 for container "%s" for `+
                                `RBD storage volume: %s`,
                                containerPoolVolumeMntPoint, containerName, err)
                        return err
                }
-               logger.Debugf(`Changed mountpoint "%s" permissions to 0755 for 
`+
+               logger.Debugf(`Changed mountpoint "%s" permissions to 0711 for 
`+
                        `container "%s" for RBD storage volume`,
                        containerPoolVolumeMntPoint, containerName)
        } else {

From cec4d40b2f34e2031c0167db66a832c774e509a0 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brau...@ubuntu.com>
Date: Tue, 10 Apr 2018 14:54:14 +0200
Subject: [PATCH 3/5] lvm: s/0755/0711/g

Closes #4433.

Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>
---
 lxd/storage_lvm.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lxd/storage_lvm.go b/lxd/storage_lvm.go
index 341ebe3e70..df5c7cb309 100644
--- a/lxd/storage_lvm.go
+++ b/lxd/storage_lvm.go
@@ -898,7 +898,7 @@ func (s *storageLvm) ContainerCreate(container container) 
error {
                sourceName, _, _ := 
containerGetParentAndSnapshotName(containerName)
                snapshotMntPointSymlinkTarget := 
shared.VarPath("storage-pools", s.pool.Name, "snapshots", sourceName)
                snapshotMntPointSymlink := shared.VarPath("snapshots", 
sourceName)
-               err := os.MkdirAll(containerMntPoint, 0755)
+               err := os.MkdirAll(containerMntPoint, 0711)
                if err != nil {
                        return err
                }
@@ -909,7 +909,7 @@ func (s *storageLvm) ContainerCreate(container container) 
error {
        } else {
                containerMntPoint := getContainerMountPoint(s.pool.Name, 
containerName)
                containerPath := container.Path()
-               err := os.MkdirAll(containerMntPoint, 0755)
+               err := os.MkdirAll(containerMntPoint, 0711)
                if err != nil {
                        return err
                }
@@ -955,7 +955,7 @@ func (s *storageLvm) ContainerCreateFromImage(container 
container, fingerprint s
 
        containerMntPoint := getContainerMountPoint(s.pool.Name, containerName)
        containerPath := container.Path()
-       err = os.MkdirAll(containerMntPoint, 0755)
+       err = os.MkdirAll(containerMntPoint, 0711)
        if err != nil {
                return err
        }
@@ -985,7 +985,7 @@ func (s *storageLvm) ContainerCreateFromImage(container 
container, fingerprint s
        if container.IsPrivileged() {
                err = os.Chmod(containerMntPoint, 0700)
        } else {
-               err = os.Chmod(containerMntPoint, 0755)
+               err = os.Chmod(containerMntPoint, 0711)
        }
        if err != nil {
                return err

From eb022c964986adce2c1305903b0b46b91f8cd905 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brau...@ubuntu.com>
Date: Tue, 10 Apr 2018 14:55:26 +0200
Subject: [PATCH 4/5] storage utils: s/0755/0711/g

Closes #4433.

Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>
---
 lxd/storage_utils.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lxd/storage_utils.go b/lxd/storage_utils.go
index 581f213f78..b4fe2b3930 100644
--- a/lxd/storage_utils.go
+++ b/lxd/storage_utils.go
@@ -158,8 +158,8 @@ func storageConfigDiff(oldConfig map[string]string, 
newConfig map[string]string)
 }
 
 // Default permissions for folders in ${LXD_DIR}
-const containersDirMode os.FileMode = 0755
-const customDirMode os.FileMode = 0755
+const containersDirMode os.FileMode = 0711
+const customDirMode os.FileMode = 0711
 const imagesDirMode os.FileMode = 0700
 const snapshotsDirMode os.FileMode = 0700
 

From c9081d994616f7db69c74e95de2e341f0f67bcf5 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brau...@ubuntu.com>
Date: Tue, 10 Apr 2018 14:55:56 +0200
Subject: [PATCH 5/5] zfs: s/0755/0711/g

Closes #4433.

Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>
---
 lxd/storage_zfs.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lxd/storage_zfs.go b/lxd/storage_zfs.go
index e657c30815..e3a0594d67 100644
--- a/lxd/storage_zfs.go
+++ b/lxd/storage_zfs.go
@@ -129,7 +129,7 @@ func (s *storageZfs) StoragePoolCreate() error {
        }()
 
        storagePoolMntPoint := getStoragePoolMountPoint(s.pool.Name)
-       err = os.MkdirAll(storagePoolMntPoint, 0755)
+       err = os.MkdirAll(storagePoolMntPoint, 0711)
        if err != nil {
                return err
        }
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

Reply via email to