From e1bf4afdac0f4e1c19ad24c7c9fb915ce72906ed Mon Sep 17 00:00:00 2001
From: LiFeng <lifeng68@huawei.com>
Date: Sat, 11 Apr 2020 17:24:47 +0800
Subject: [PATCH 04/49] confile: add support umask
lxc.isulad.umask=normal sets the container umask to 0022
lxc.isulad.umask=secure sets the container umask to 0027 (default)
Signed-off-by: LiFeng <lifeng68@huawei.com>
---
src/lxc/attach.c | 5 +++++
src/lxc/conf.c | 6 ++++++
src/lxc/conf.h | 1 +
src/lxc/confile.c | 38 ++++++++++++++++++++++++++++++++++++++
4 files changed, 50 insertions(+)
diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 406b8ec..56d62ed 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -659,6 +659,11 @@ static int attach_child_main(struct attach_clone_payload *payload)
(options->attach_flags & LXC_ATTACH_LSM) &&
init_ctx->lsm_label;
+#ifdef HAVE_ISULAD
+ /*isulad: set system umask */
+ umask(init_ctx->container->lxc_conf->umask);
+#endif
+
/* A description of the purpose of this functionality is provided in the
* lxc-attach(1) manual page. We have to remount here and not in the
* parent process, otherwise /proc may not properly reflect the new pid
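Review bot: The added `umask(init_ctx->container->lxc_conf->umask);` dereferences `init_ctx->container` and its `lxc_conf` without a NULL check, so an attach context that carries no loaded config would crash the attached child at this line. The rest of attach_child_main lies outside the hunk, so whether either pointer can be NULL here is not confirmed; if it can, guard the call with `if (init_ctx->container && init_ctx->container->lxc_conf)`. The comment would also be more useful if it said what is applied and to whom, e.g. `/* isulad: apply the container's configured umask to the attached process */`.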
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index e9c0a37..e3fce51 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2567,6 +2567,7 @@ struct lxc_conf *lxc_conf_init(void)
#ifdef HAVE_ISULAD
/* isulad add begin */
lxc_list_init(&new->populate_devs);
+ new->umask = 0027; /*default umask 0027*/
#endif
return new;
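Review bot: The default `0027` is a bare octal literal here and is repeated in set_config_umask and clr_config_umask in confile.c, next to a bare `0022`. If one copy is edited, the value restored by clearing `lxc.isulad.umask` will silently differ from the initial default, which matters because this is the more restrictive of the two settings. Named constants in conf.h would keep the three sites in step, for example `#define ISULAD_UMASK_SECURE 0027` and `#define ISULAD_UMASK_NORMAL 0022`, with this line becoming `new->umask = ISULAD_UMASK_SECURE;`. lxc_conf_init starts outside the hunk.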
@@ -3522,6 +3523,11 @@ int lxc_setup(struct lxc_handler *handler)
if (ret < 0)
return -1;
+#ifdef HAVE_ISULAD
+ /*isulad: set system umask */
+ umask(lxc_conf->umask);
+#endif
+
ret = setup_personality(lxc_conf->personality);
if (ret < 0)
return log_error(-1, "Failed to set personality");
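Review bot: Calling `umask(lxc_conf->umask)` at this point in lxc_setup applies the container's mask to every file, directory or device node created by the setup steps that follow, not only to what the container's init creates later. With the 0027 default, a later `mkdir(path, 0755)` would yield 0750, which may leave mount points or /dev entries inaccessible to non-root users inside the container. The remainder of lxc_setup is outside the hunk, so whether such steps follow is unverified; if they do, set the mask after they finish, or at least record the ordering in the comment: `/* isulad: set container umask; all later setup steps create files under this mask */`.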
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 452458c..7ed3cd0 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -427,6 +427,7 @@ struct lxc_conf {
/* populate devices*/
struct lxc_list populate_devs;
+ mode_t umask; //umask value
#endif
};
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index f0772f9..2df269a 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -150,6 +150,7 @@ lxc_config_define(proc);
#ifdef HAVE_ISULAD
lxc_config_define(init_args);
lxc_config_define(populate_device);
+lxc_config_define(umask);
#endif
/*
@@ -266,6 +267,7 @@ static struct lxc_config_t config_jump_table[] = {
#ifdef HAVE_ISULAD
{ "lxc.isulad.init.args", set_config_init_args, get_config_init_args, clr_config_init_args, },
{ "lxc.isulad.populate.device", set_config_populate_device, get_config_populate_device, clr_config_populate_device, },
+ { "lxc.isulad.umask", set_config_umask, get_config_umask, clr_config_umask, },
#endif
};
@@ -6273,4 +6275,40 @@ static inline int clr_config_populate_device(const char *key, struct lxc_conf *c
return lxc_clear_populate_devices(c);
}
+/* isulad: set config for umask */
+static int set_config_umask(const char *key, const char *value,
+ struct lxc_conf *lxc_conf, void *data)
+{
+ if (lxc_config_value_empty(value)) {
+ ERROR("Empty umask");
+ return -1;
+ }
+
+ if (strcmp(value, "normal") == 0) {
+ lxc_conf->umask = 0022;
+ return 0;
+ } else if (strcmp(value, "secure") == 0) {
+ lxc_conf->umask = 0027;
+ return 0;
+ } else {
+ ERROR("Invalid native umask: %s", value);
+ return -1;
+ }
+}
+
+/* isulad add: get umask value*/
+static int get_config_umask(const char *key, char *retv, int inlen,
+ struct lxc_conf *c, void *data)
+{
+ return lxc_get_conf_size_t(c, retv, inlen, c->umask);
+}
+
+/* isulad add: clear umask value */
+static inline int clr_config_umask(const char *key, struct lxc_conf *c,
+ void *data)
+{
+ c->umask = 0027;
+ return 0;
+}
+
#endif
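Review bot: get_config_umask returns the mask through `lxc_get_conf_size_t`, which presumably formats it as a decimal number, so reading the key back would give `23` or `18` rather than the `secure`/`normal` keywords that set_config_umask accepts. A config written out from the getter would then be rejected by the setter on reload. Returning the keyword keeps the pair symmetric: `return lxc_get_conf_str(retv, inlen, c->umask == 0022 ? "normal" : "secure");`. The setter's message `Invalid native umask: %s` also reads as if copied from another key; `Invalid umask: %s, expected "normal" or "secure"` would tell the operator what is allowed.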
--
1.8.3.1