diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2019-03-29 07:48:12 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-03-29 07:48:12 -0700 |
| commit | 284dea453d77f524c400e6c26812828d8a7439c7 (patch) | |
| tree | 084ae250cffdf7090b984c2f88d8b033dd93657c /libpod/runtime.go | |
| parent | 83cea5d5bc6af51cd7df66a34c80af0080d37ba6 (diff) | |
| parent | ca38ca49b8f9c670e3d8a4da1a43a357c83f3f50 (diff) | |
| download | podman-284dea453d77f524c400e6c26812828d8a7439c7.tar.gz podman-284dea453d77f524c400e6c26812828d8a7439c7.tar.bz2 podman-284dea453d77f524c400e6c26812828d8a7439c7.zip | |
Merge pull request #2797 from giuseppe/rootless-set-sticky
rootless: set sticky bit on rundir
Diffstat (limited to 'libpod/runtime.go')
| -rw-r--r-- | libpod/runtime.go | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/libpod/runtime.go b/libpod/runtime.go index f7b166513..6e54de558 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -309,7 +309,17 @@ func getDefaultTmpDir() (string, error) { if err != nil { return "", err } - return filepath.Join(rootlessRuntimeDir, "libpod", "tmp"), nil + libpodRuntimeDir := filepath.Join(rootlessRuntimeDir, "libpod") + + if err := os.Mkdir(libpodRuntimeDir, 0700|os.ModeSticky); err != nil { + if !os.IsExist(err) { + return "", errors.Wrapf(err, "cannot mkdir %s", libpodRuntimeDir) + } else if err := os.Chmod(libpodRuntimeDir, 0700|os.ModeSticky); err != nil { + // The directory already exist, just set the sticky bit + return "", errors.Wrapf(err, "could not set sticky bit on %s", libpodRuntimeDir) + } + } + return filepath.Join(libpodRuntimeDir, "tmp"), nil } // SetXdgRuntimeDir ensures the XDG_RUNTIME_DIR env variable is set |