mirror of
https://github.com/moby/moby.git
synced 2025-04-18 20:44:11 +03:00
replace uses of idtools.MkdirAllAndChown, MkdirAllAndChownNew
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn
parent
d96d20d45f
commit
d8a5e8928b
@ -212,7 +212,8 @@ issues:
|
||||
linters:
|
||||
- staticcheck
|
||||
|
||||
- text: "SA1019: idtools\\.(CurrentIdentity|ToUserIdentityMapping|FromUserIdentityMapping|IDMap|MkdirAndChown|MkdirAllAndChown|MkdirAllAndChownNew) is deprecated"
|
||||
# FIXME(thaJeztah): ignoring these transitional utilities until BuildKit is vendored with https://github.com/moby/moby/pull/49743
|
||||
- text: "SA1019: idtools\\.(ToUserIdentityMapping|FromUserIdentityMapping) is deprecated"
|
||||
linters:
|
||||
- staticcheck
|
||||
|
||||
|
||||
@ -39,6 +39,7 @@ import (
|
||||
"github.com/moby/sys/atomicwriter"
|
||||
"github.com/moby/sys/signal"
|
||||
"github.com/moby/sys/symlink"
|
||||
"github.com/moby/sys/user"
|
||||
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
|
||||
"github.com/pkg/errors"
|
||||
"go.opentelemetry.io/otel"
|
||||
@ -331,7 +332,7 @@ func (container *Container) SetupWorkingDirectory(rootIdentity idtools.Identity)
|
||||
return err
|
||||
}
|
||||
|
||||
if err := idtools.MkdirAllAndChownNew(pth, 0o755, rootIdentity); err != nil {
|
||||
if err := user.MkdirAllAndChown(pth, 0o755, rootIdentity.UID, rootIdentity.GID, user.WithOnlyNew); err != nil {
|
||||
pthInfo, err2 := os.Stat(pth)
|
||||
if err2 == nil && pthInfo != nil && !pthInfo.IsDir() {
|
||||
return errors.Errorf("Cannot mkdir: %s is not a directory", container.Config.WorkingDir)
|
||||
|
||||
@ -8,6 +8,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/docker/docker/pkg/idtools"
|
||||
"github.com/moby/sys/user"
|
||||
"golang.org/x/sys/unix"
|
||||
)
|
||||
|
||||
@ -41,12 +42,12 @@ func Setup(initLayerFs string, rootIdentity idtools.Identity) error {
|
||||
|
||||
if _, err := os.Stat(filepath.Join(initLayer, pth)); err != nil {
|
||||
if os.IsNotExist(err) {
|
||||
if err := idtools.MkdirAllAndChownNew(filepath.Join(initLayer, filepath.Dir(pth)), 0o755, rootIdentity); err != nil {
|
||||
if err := user.MkdirAllAndChown(filepath.Join(initLayer, filepath.Dir(pth)), 0o755, rootIdentity.UID, rootIdentity.GID, user.WithOnlyNew); err != nil {
|
||||
return err
|
||||
}
|
||||
switch typ {
|
||||
case "dir":
|
||||
if err := idtools.MkdirAllAndChownNew(filepath.Join(initLayer, pth), 0o755, rootIdentity); err != nil {
|
||||
if err := user.MkdirAllAndChown(filepath.Join(initLayer, pth), 0o755, rootIdentity.UID, rootIdentity.GID, user.WithOnlyNew); err != nil {
|
||||
return err
|
||||
}
|
||||
case "file":
|
||||
|
||||
@ -12,7 +12,7 @@ import (
|
||||
"github.com/containerd/containerd/v2/pkg/cio"
|
||||
"github.com/containerd/log"
|
||||
libcontainerdtypes "github.com/docker/docker/libcontainerd/types"
|
||||
"github.com/docker/docker/pkg/idtools"
|
||||
"github.com/moby/sys/user"
|
||||
"github.com/opencontainers/runtime-spec/specs-go"
|
||||
)
|
||||
|
||||
@ -59,7 +59,7 @@ func WithBundle(bundleDir string, ociSpec *specs.Spec) containerd.NewContainerOp
|
||||
uid, gid := getSpecUser(ociSpec)
|
||||
if uid == 0 && gid == 0 {
|
||||
c.Labels[DockerContainerBundlePath] = bundleDir
|
||||
return idtools.MkdirAllAndChownNew(bundleDir, 0o755, idtools.Identity{UID: 0, GID: 0})
|
||||
return user.MkdirAllAndChown(bundleDir, 0o755, uid, gid, user.WithOnlyNew)
|
||||
}
|
||||
|
||||
p := string(filepath.Separator)
|
||||
@ -72,7 +72,7 @@ func WithBundle(bundleDir string, ociSpec *specs.Spec) containerd.NewContainerOp
|
||||
}
|
||||
if os.IsNotExist(err) || fi.Mode()&1 == 0 {
|
||||
p = fmt.Sprintf("%s.%d.%d", p, uid, gid)
|
||||
if err := idtools.MkdirAndChown(p, 0o700, idtools.Identity{UID: uid, GID: gid}); err != nil && !os.IsExist(err) {
|
||||
if err := user.MkdirAndChown(p, 0o700, uid, gid); err != nil && !os.IsExist(err) {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
@ -20,6 +20,7 @@ import (
|
||||
"github.com/docker/docker/quota"
|
||||
"github.com/docker/docker/volume"
|
||||
"github.com/moby/sys/atomicwriter"
|
||||
"github.com/moby/sys/user"
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
@ -52,12 +53,13 @@ type activeMount struct {
|
||||
// volumes. The base path is created here if it does not exist.
|
||||
func New(scope string, rootIdentity idtools.Identity) (*Root, error) {
|
||||
r := &Root{
|
||||
path: filepath.Join(scope, volumesPathName),
|
||||
volumes: make(map[string]*localVolume),
|
||||
rootIdentity: rootIdentity,
|
||||
path: filepath.Join(scope, volumesPathName),
|
||||
volumes: make(map[string]*localVolume),
|
||||
rootUID: rootIdentity.UID,
|
||||
rootGID: rootIdentity.GID,
|
||||
}
|
||||
|
||||
if err := idtools.MkdirAllAndChown(r.path, 0o701, idtools.CurrentIdentity()); err != nil {
|
||||
if err := user.MkdirAllAndChown(r.path, 0o701, os.Getuid(), os.Getegid()); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@ -106,11 +108,12 @@ func New(scope string, rootIdentity idtools.Identity) (*Root, error) {
|
||||
// manages the creation/removal of volumes. It uses only standard vfs
|
||||
// commands to create/remove dirs within its provided scope.
|
||||
type Root struct {
|
||||
m sync.Mutex
|
||||
path string
|
||||
quotaCtl *quota.Control
|
||||
volumes map[string]*localVolume
|
||||
rootIdentity idtools.Identity
|
||||
m sync.Mutex
|
||||
path string
|
||||
quotaCtl *quota.Control
|
||||
volumes map[string]*localVolume
|
||||
rootUID int
|
||||
rootGID int
|
||||
}
|
||||
|
||||
// List lists all the volumes
|
||||
@ -157,12 +160,12 @@ func (r *Root) Create(name string, opts map[string]string) (volume.Volume, error
|
||||
}
|
||||
|
||||
// Root dir does not need to be accessed by the remapped root
|
||||
if err := idtools.MkdirAllAndChown(v.rootPath, 0o701, idtools.CurrentIdentity()); err != nil {
|
||||
if err := user.MkdirAllAndChown(v.rootPath, 0o701, os.Getuid(), os.Getegid()); err != nil {
|
||||
return nil, errors.Wrapf(errdefs.System(err), "error while creating volume root path '%s'", v.rootPath)
|
||||
}
|
||||
|
||||
// Remapped root does need access to the data path
|
||||
if err := idtools.MkdirAllAndChown(v.path, 0o755, r.rootIdentity); err != nil {
|
||||
if err := user.MkdirAllAndChown(v.path, 0o755, r.rootUID, r.rootGID); err != nil {
|
||||
return nil, errors.Wrapf(errdefs.System(err), "error while creating volume data path '%s'", v.path)
|
||||
}
|
||||
|
||||
|
||||
@ -14,6 +14,7 @@ import (
|
||||
"github.com/docker/docker/pkg/idtools"
|
||||
"github.com/docker/docker/pkg/stringid"
|
||||
"github.com/docker/docker/volume"
|
||||
"github.com/moby/sys/user"
|
||||
"github.com/opencontainers/selinux/go-selinux/label"
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
@ -247,9 +248,9 @@ func (m *MountPoint) Setup(ctx context.Context, mountLabel string, rootIDs idtoo
|
||||
}
|
||||
}
|
||||
|
||||
// idtools.MkdirAllNewAs() produces an error if m.Source exists and is a file (not a directory)
|
||||
// user.MkdirAllAndChown produces an error if m.Source exists and is a file (not a directory)
|
||||
// also, makes sure that if the directory is created, the correct remapped rootUID/rootGID will own it
|
||||
if err := idtools.MkdirAllAndChownNew(m.Source, 0o755, rootIDs); err != nil {
|
||||
if err := user.MkdirAllAndChown(m.Source, 0o755, rootIDs.UID, rootIDs.GID, user.WithOnlyNew); err != nil {
|
||||
if perr, ok := err.(*os.PathError); ok {
|
||||
if perr.Err != syscall.ENOTDIR {
|
||||
return "", noCleanup, errors.Wrapf(err, "error while creating mount source path '%s'", m.Source)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user