github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Ensure /run/containerd is created with correct perms

Browse Source 
There are a couple directories that get created under the default
state directory ("/run/containerd") even when containerd is configured
to use a different location for its state directory. Create the default
state directory even if containerd is configured to use a different
state directory location. This ensure pkg/shim and pkg/fifo won't create
the default state directory with incorrect permissions when calling
os.MkdirAll for their respective subdirectories.

Signed-off-by: Erikson Tung <etung@netflix.com>
This commit is contained in:
Erikson Tung 2024-07-30 14:18:33 -07:00
parent 2ddd3db952
commit 551ac0600a
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
cmd/containerd/server/server.go
View File

@ -88,6 +88,15 @@ func CreateTopLevelDirectories(config *srvconfig.Config) error {
if err := sys.MkdirAllWithACL(config.State, 0o711); err != nil { if err := sys.MkdirAllWithACL(config.State, 0o711); err != nil {
return err return err
} }
if config.State != defaults.DefaultStateDir {
// XXX: socketRoot in pkg/shim is hard-coded to the default state directory.
// See https://github.com/containerd/containerd/issues/10502#issuecomment-2249268582 for why it's set up that way.
// The default fifo directory in pkg/cio is also configured separately and defaults to the default state directory instead of the configured state directory.
// Make sure the default state directory is created with the correct permissions.
if err := sys.MkdirAllWithACL(defaults.DefaultStateDir, 0o711); err != nil {
return err
}
}
if config.TempDir != "" { if config.TempDir != "" {
if err := sys.MkdirAllWithACL(config.TempDir, 0o711); err != nil { if err := sys.MkdirAllWithACL(config.TempDir, 0o711); err != nil {