author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-07-15 14:03:14 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-07-15 14:03:14 -0400 |
commit | 38f73db9decd4f692e9cfc2fd4dde2251389fca7 (patch) | |
tree | 0f40a02bd24a10b51a0868875c9ab13afe712eaf /libpod/container_internal.go | |
parent | 8704b78a6fbb953acb6b74d1671d5ad6456bf81f (diff) | |
parent | 1ad7042a34771ccaae2960decc93367fcf898dad (diff) | |
Merge pull request #6977 from mheon/fix_6953
Preserve passwd on container restart
Diffstat (limited to 'libpod/container_internal.go')
-rw-r--r-- | libpod/container_internal.go | 37 |
1 files changed, 22 insertions, 15 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index e98e20b9b..a79b9e5a8 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -28,7 +28,6 @@ import (
 securejoin "github.com/cyphar/filepath-securejoin"
 spec "github.com/opencontainers/runtime-spec/specs-go"
 "github.com/opencontainers/runtime-tools/generate"
- "github.com/opencontainers/selinux/go-selinux/label"
 "github.com/opentracing/opentracing-go"
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
@@ -1759,32 +1758,40 @@ func (c *Container) postDeleteHooks(ctx context.Context) error {
 return nil
 }
-// writeStringToRundir copies the provided file to the runtimedir
-func (c *Container) writeStringToRundir(destFile, output string) (string, error) {
+// writeStringToRundir writes the given string to a file with the given name in
+// the container's temporary files directory. The file will be chown'd to the
+// container's root user and have an appropriate SELinux label set.
+// If a file with the same name already exists, it will be deleted and recreated
+// with the new contents.
+// Returns the full path to the new file.
+func (c *Container) writeStringToRundir(destFile, contents string) (string, error) {
 destFileName := filepath.Join(c.state.RunDir, destFile)
 if err := os.Remove(destFileName); err != nil && !os.IsNotExist(err) {
 return "", errors.Wrapf(err, "error removing %s for container %s", destFile, c.ID())
 }
- f, err := os.Create(destFileName)
- if err != nil {
- return "", errors.Wrapf(err, "unable to create %s", destFileName)
- }
- defer f.Close()
- if err := f.Chown(c.RootUID(), c.RootGID()); err != nil {
+ if err := writeStringToPath(destFileName, contents, c.config.MountLabel, c.RootUID(), c.RootGID()); err != nil {
 return "", err
 }
- if _, err := f.WriteString(output); err != nil {
- return "", errors.Wrapf(err, "unable to write %s", destFileName)
- }
- // Relabel runDirResolv for the container
- if err := label.Relabel(destFileName, c.config.MountLabel, false); err != nil {
+ return destFileName, nil
+}
+
+// writeStringToStaticDir writes the given string to a file with the given name
+// in the container's permanent files directory. The file will be chown'd to the
+// container's root user and have an appropriate SELinux label set.
+// Unlike writeStringToRundir, will *not* delete and re-create if the file
+// already exists (will instead error).
+// Returns the full path to the new file.
+func (c *Container) writeStringToStaticDir(filename, contents string) (string, error) {
+ destFileName := filepath.Join(c.config.StaticDir, filename)
+
+ if err := writeStringToPath(destFileName, contents, c.config.MountLabel, c.RootUID(), c.RootGID()); err != nil {
 return "", err
 }
- return filepath.Join(c.state.RunDir, destFile), nil
+ return destFileName, nil
 }
 // appendStringToRundir appends the provided string to the runtimedir file |
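Review bot: The doc comment on writeStringToStaticDir promises that an existing file produces an error, but nothing in the function enforces that: it joins the path and passes it straight to writeStringToPath, whose body is not part of this page. If that helper opens the path with os.Create, an existing file would be truncated rather than rejected, then chown'd to the container's root user and relabelled, and a symlink already sitting at that name would presumably be followed. Either make the helper create exclusively, for example `f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0644)`, or reword the comment to describe what actually happens. writeStringToRundir is less exposed because it calls os.Remove first, but a gap remains between that removal and the create inside the helper, so an exclusive create would tighten that path as well.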