vbatts/containerd
1
0
Fork 0
Code Pull requests Releases Activity

set +x on overlay fs dirs

Browse source 
We need to set +x on the overlay dirs or after dropping from root to a
non-root user an eperm will happen on exec or other file access

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This commit is contained in:
Michael Crosby 2017-03-24 12:47:52 -07:00
parent 597815af7e
commit 71e8d765df
3 changed files with 10 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

3
snapshot/overlay/overlay.go
View file

@ -47,7 +47,6 @@ func NewSnapshotter(root string, ms storage.MetaStore) (snapshot.Snapshotter, er
if err := os.MkdirAll(root, 0700); err != nil {
return nil, err
}
if err := os.MkdirAll(filepath.Join(root, "snapshots"), 0700); err != nil {
return nil, err
}
@ -189,7 +188,7 @@ func (o *Snapshotter) createActive(ctx context.Context, key, parent string, read
}
}()
if err = os.MkdirAll(filepath.Join(td, "fs"), 0700); err != nil {
if err = os.MkdirAll(filepath.Join(td, "fs"), 0711); err != nil {
return nil, err
}
if !readonly {