pool/containerd
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1137560 from home:danishprakash:branches:Virtualization:containers

Browse Source 
Add patch for bsc#1217952

OBS-URL: https://build.opensuse.org/request/show/1137560
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/containerd?expand=0&rev=165
This commit is contained in:
Dan Čermák 2024-01-08 13:22:28 +00:00 committed by Git OBS Bridge
parent 3e30d80e9f
commit 959c89e4be
3 changed files with 85 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
0002-shim-Create-pid-file-with-0644-permissions.patch Normal file
View File

@ -0,0 +1,75 @@
From 260963a354d972201ffe9a6ce882f1c0e9b319d9 Mon Sep 17 00:00:00 2001
From: Jaroslav Jindrak <dzejrou@gmail.com>
Date: Sat, 23 Dec 2023 21:41:54 +0100
Subject: [PATCH 1/2] shim: Create pid-file with 0644 permissions
Fixes ae7021300
In ae7021300 the WritePidFile and WriteAddress functions were
changed to use AtomicFile instead of os.CreateFile. However,
AtomicFile creates a temporary file and then changes its permissions
with os.Chmod which alters the previously observed behavior of
os.CreateFile which takes the system's umask into account.
This means that on Linux-based systems these files suddenly
became world writable (#9363). The address file has since been
removed, but pid-file was still created as world writable. This
commit explicitly requests 0644 permissions as even on systems
without default umask of 0022 there is no reason to have these
two files world writable.
Signed-off-by: Jaroslav Jindrak <dzejrou@gmail.com>
(cherry picked from commit 9d328410a5c7bab106fe81cd37a36e4534ce9205)
Signed-off-by: Jaroslav Jindrak <dzejrou@gmail.com>
---
runtime/v2/shim/util.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/runtime/v2/shim/util.go b/runtime/v2/shim/util.go
index fce1318a63ad..3740d87dbf8a 100644
--- a/runtime/v2/shim/util.go
+++ b/runtime/v2/shim/util.go
@@ -126,7 +126,7 @@ func WritePidFile(path string, pid int) error {
if err != nil {
return err
}
- f, err := atomicfile.New(path, 0o666)
+ f, err := atomicfile.New(path, 0o644)
if err != nil {
return err
}
From 8d82242eb525f87b91bbc2c2499559855dd363cf Mon Sep 17 00:00:00 2001
From: Jaroslav Jindrak <dzejrou@gmail.com>
Date: Sat, 23 Dec 2023 21:46:12 +0100
Subject: [PATCH 2/2] shim: Create address file with 0644 permissions
Fixes ae70213
In ae70213 the WritePidFile and WriteAddress functions were
changed to use AtomicFile instead of os.CreateFile. However,
AtomicFile creates a temporary file and then changes its permissions
with os.Chmod which alters the previously observed behavior of
os.CreateFile which takes the system's umask into account.
This means that on Linux-based systems these files suddenly
became world writable (#9363).
Signed-off-by: Jaroslav Jindrak <dzejrou@gmail.com>
---
runtime/v2/shim/util.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/runtime/v2/shim/util.go b/runtime/v2/shim/util.go
index 3740d87dbf8a..e8cfeec077c5 100644
--- a/runtime/v2/shim/util.go
+++ b/runtime/v2/shim/util.go
@@ -144,7 +144,7 @@ func WriteAddress(path, address string) error {
if err != nil {
return err
}
- f, err := atomicfile.New(path, 0o666)
+ f, err := atomicfile.New(path, 0o644)
if err != nil {
return err
}

6
containerd.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon Jan 8 12:12:00 UTC 2024 - Danish Prakash <danish.prakash@suse.com>
- Add patch for bsc#1217952:
+ 0002-shim-Create-pid-file-with-0644-permissions.patch
-------------------------------------------------------------------
Mon Dec 4 08:44:40 UTC 2023 - Aleksa Sarai <asarai@suse.com>

5
containerd.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package containerd
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -41,6 +41,8 @@ Source1: %{name}-rpmlintrc
Source2: %{name}.service
# UPSTREAM: Revert <https://github.com/containerd/containerd/pull/7933> to fix build on SLE-12.
Patch1: 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
# https://github.com/containerd/containerd/pull/9571
Patch2: 0002-shim-Create-pid-file-with-0644-permissions.patch
BuildRequires: fdupes
BuildRequires: glibc-devel-static
BuildRequires: go >= 1.19
@ -99,6 +101,7 @@ reference the following Go import paths: github.com/containerd/containerd
%if 0%{?sle_version} == 120000
%patch1 -p1
%endif
%patch2 -p1
%build
%goprep %{import_path}