From 528a9d87ac2fbffb154caa7f58a01811359852a5 Mon Sep 17 00:00:00 2001
From: Derek McGowan
Date: Mon, 17 Jul 2017 13:08:02 -0700
Subject: [PATCH] Create socket parent directory with correct permissions

Often the socket is put into the directory /run/containerd. When this directory does not exist, it gets created with the default uid/gid and permission 0660. When the user has specified a uid or gid, this should be used to set the ownership of that parent directory and the permissions should be 0770. This worked in a previous version of containerd but regressed after a refactor.

Signed-off-by: Derek McGowan
---
 sys/socket_unix.go | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/sys/socket_unix.go b/sys/socket_unix.go
index cd361c25e..0d5f049aa 100644
--- a/sys/socket_unix.go
+++ b/sys/socket_unix.go
@@ -23,6 +23,11 @@ func CreateUnixSocket(path string) (net.Listener, error) {
 
 // GetLocalListener returns a listerner out of a unix socket.
 func GetLocalListener(path string, uid, gid int) (net.Listener, error) {
+ // Ensure parent directory is created
+ if err := mkdirAs(filepath.Dir(path), uid, gid); err != nil {
+ return nil, err
+ }
+
 l, err := CreateUnixSocket(path)
 if err != nil {
 return l, err
@@ -40,3 +45,15 @@ func GetLocalListener(path string, uid, gid int) (net.Listener, error) {
 
 return l, nil
 }
+
+func mkdirAs(path string, uid, gid int) error {
+ if _, err := os.Stat(path); err == nil || !os.IsNotExist(err) {
+ return err
+ }
+
+ if err := os.Mkdir(path, 0770); err != nil {
+ return err
+ }
+
+ return os.Chown(path, uid, gid)
+}
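Review bot: The new comment in GetLocalListener, `// Ensure parent directory is created`, does not say that uid, gid and mode 0770 are applied only when the directory is missing; a parent that already exists is used with whatever owner and mode it has. Since the directory's owner and mode decide who can reach the socket, I would spell that out, e.g. `// Create the parent directory (0770, owned by uid:gid) if it is missing; an existing directory is used as found.`, and add the same sentence to the GetLocalListener doc comment. The function body continues past the end of this hunk.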
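Review bot: mkdirAs checks with os.Stat and then creates with os.Mkdir, so two things can go wrong: a directory that appears between the two calls makes Mkdir fail with an exists error, and a failed os.Chown leaves the new directory behind, after which the next call passes the Stat check and never sets the owner. The mode given to os.Mkdir is also filtered by the process umask, so the 0770 the commit message asks for is not guaranteed. I would drop the Stat, treat an exists error from Mkdir as success, set the mode explicitly with os.Chmod, and remove the directory again if Chmod or Chown fails. A one-line doc comment saying that an existing path is left untouched would help too.

```go
func mkdirAs(path string, uid, gid int) error {
	if err := os.Mkdir(path, 0770); err != nil {
		if os.IsExist(err) {
			// Already present: owner and mode are left as found.
			return nil
		}
		return err
	}

	// Mkdir's mode is filtered by the umask, so set it explicitly.
	if err := os.Chmod(path, 0770); err != nil {
		os.Remove(path)
		return err
	}
	if err := os.Chown(path, uid, gid); err != nil {
		// Do not leave a directory behind that a retry would accept as-is.
		os.Remove(path)
		return err
	}
	return nil
}
```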