pool/docker
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
docker/0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
Aleksa Sarai 37241ca5cc - Update to Docker 28.2.2-ce. See upstream changelog online at 
<https://github.com/moby/moby/releases/tag/v28.2.2>
- Rebase patches:
 * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
 * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
 * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
 * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
 * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=433
2025-05-30 17:59:48 +00:00

74 lines
2.6 KiB
Diff
Raw Permalink Blame History

From 29b26f9d3b2aa462a4420ebf67781a9a044d8c96 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 8 Mar 2017 12:41:54 +1100
Subject: [PATCH 1/5] SECRETS: daemon: allow directory creation in /run/secrets
Since FileMode can have the directory bit set, allow a SecretStore
implementation to return secrets that are actually directories. This is
useful for creating directories and subdirectories of secrets.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
daemon/container_operations_unix.go | 23 ++++++++++++++++++++---
1 file changed, 20 insertions(+), 3 deletions(-)
diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go
index 4316cc4a1157..2309d589ae9e 100644
--- a/daemon/container_operations_unix.go
+++ b/daemon/container_operations_unix.go
@@ -3,6 +3,7 @@
package daemon // import "github.com/docker/docker/daemon"
import (
+ "bytes"
"context"
"fmt"
"os"
@@ -21,6 +22,7 @@ import (
"github.com/docker/docker/libnetwork/drivers/bridge"
"github.com/docker/docker/pkg/process"
"github.com/docker/docker/pkg/stringid"
+ "github.com/moby/go-archive"
"github.com/moby/sys/mount"
"github.com/moby/sys/user"
"github.com/opencontainers/selinux/go-selinux/label"
@@ -325,9 +327,6 @@ func (daemon *Daemon) setupSecretDir(ctr *container.Container) (setupErr error)
if err != nil {
return errors.Wrap(err, "unable to get secret from secret store")
}
- if err := os.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil {
- return errors.Wrap(err, "error injecting secret")
- }
uid, err := strconv.Atoi(s.File.UID)
if err != nil {
@@ -338,6 +337,24 @@ func (daemon *Daemon) setupSecretDir(ctr *container.Container) (setupErr error)
return err
}
+ if s.File.Mode.IsDir() {
+ if err := os.Mkdir(fPath, s.File.Mode); err != nil {
+ return errors.Wrap(err, "error creating secretdir")
+ }
+ if secret.Spec.Data != nil {
+ // If the "file" is a directory, then s.File.Data is actually a tar
+ // archive of the directory. So we just do a tar extraction here.
+ if err := archive.UntarUncompressed(bytes.NewBuffer(secret.Spec.Data), fPath, &archive.TarOptions{
+ IDMap: daemon.idMapping,
+ }); err != nil {
+ return errors.Wrap(err, "error injecting secretdir")
+ }
+ }
+ } else {
+ if err := os.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil {
+ return errors.Wrap(err, "error injecting secret")
+ }
+ }
if err := os.Chown(fPath, ruid+uid, rgid+gid); err != nil {
return errors.Wrap(err, "error setting ownership for secret")
}
--
2.49.0
Reference in New Issue View Git Blame Copy Permalink