Wrong directory permissions when using tmpcopyup because of umask #3991
Comments
jakecorrenti added a commit to jakecorrenti/runc that referenced this issue on Aug 23, 2023
Sets the Umask to 0 first thing runc begins execution. If the Umask is not set properly, `doTmpfsCopyUp` in `libcontainer/rootfs_linux.go` does not behave as intended.
Fixes: opencontainers#3991
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Well, my guess is #4039 did not fix this issue, since the fix actually belongs to https://github.com/mrunalp/fileutils. I'll open a PR.
Just checked that mrunalp/fileutils#9 actually fixes the issue. Will open a PR to runc soon.
PR for the main branch: #4056. Will backport to 1.1 once merged.
Reopen until it's fixed in 1.1
kolyshkin changed the title from "Podman gets permission denied error" to "Wrong directory permissions when using tmpcopyup because of umask" on Oct 5, 2023
#4060 merged, the fix will be in runc 1.1.10
Description
When using podman and executing the series of commands below, the container emits a permission denied error. However, if you use crun, you do not.
Steps to reproduce the issue
$ podman create --runtime=/bin/runc --name test --pod new:bug registry.access.redhat.com/ubi8/httpd-24
$ podman kube generate bug > test.yaml
$ podman pod rm -f bug
$ podman kube play --runtime=/bin/runc test.yaml
$ podman container logs bug-test
output:
Describe the results you received and expected
I received a container that was getting permission denied errors. But I expected there to be none at all.
What version of runc are you using?
runc version 1.1.0+dev
commit: v1.1.0-713-gff8c4c7b
spec: 1.1.0
go: go1.20.7
libseccomp: 2.5.3
Host OS information
NAME="Fedora Linux"
VERSION="38 (Workstation Edition)"
ID=fedora
VERSION_ID=38
VERSION_CODENAME=""
PLATFORM_ID="platform:f38"
PRETTY_NAME="Fedora Linux 38 (Workstation Edition)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:38"
DEFAULT_HOSTNAME="fedora"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f38/system-administrators-guide/"
SUPPORT_URL="https://ask.fedoraproject.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=38
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=38
SUPPORT_END=2024-05-14
VARIANT="Workstation Edition"
VARIANT_ID=workstation
Host kernel information
Linux fedora 6.4.7-200.fc38.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Jul 27 20:01:18 UTC 2023 x86_64 GNU/Linux
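The effect named in the issue title, shown as an added Go example (not runc or fileutils code): a directory created while copying a tree is filtered through the process umask unless the copier chmods it afterwards or the umask is 0. `copyDirs`, `CopiedMode` and the `src/www` tree are hypothetical names constructed for this illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// copyDirs (hypothetical helper): Mkdir's mode is cut by the umask, chmod(2) is not.
func copyDirs(src, dst string, fixMode bool) error {
	return filepath.Walk(src, func(p string, fi os.FileInfo, err error) error {
		if err != nil || !fi.IsDir() {
			return err
		}
		target := filepath.Join(dst, p[len(src):])
		if err := os.Mkdir(target, fi.Mode().Perm()); err != nil || !fixMode {
			return err
		}
		return os.Chmod(target, fi.Mode().Perm())
	})
}

// CopiedMode copies a constructed tree (src/www, 0755) under mask; returns the copy's mode.
func CopiedMode(mask int, fixMode bool) (os.FileMode, error) {
	defer syscall.Umask(syscall.Umask(0)) // umask is process-wide: zero it now, restore on return
	base, err := os.MkdirTemp("", "umask-demo-")
	if err != nil {
		return 0, err
	}
	defer os.RemoveAll(base)
	src, dst := filepath.Join(base, "src"), filepath.Join(base, "dst")
	if err := os.MkdirAll(filepath.Join(src, "www"), 0755); err != nil {
		return 0, err
	}
	syscall.Umask(mask)
	if err := copyDirs(src, dst, fixMode); err != nil {
		return 0, err
	}
	fi, err := os.Stat(filepath.Join(dst, "www"))
	if err != nil {
		return 0, err
	}
	return fi.Mode().Perm(), nil
}

func main() {
	fmt.Println(CopiedMode(0077, false)) // Mkdir only
	fmt.Println(CopiedMode(0077, true))  // Mkdir then Chmod
}
```

With a umask of 0077 the Mkdir-only copy loses the group and other bits, which is the kind of mismatch that surfaces as permission denied for a non-owner user inside the container.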