drivers/aufs: inherit permissions on "/" from parent layers

When creating a new aufs base layer, default its permissions to 0555 instead of 0755, bringing it in line with overlay. When creating an aufs layer based on another layer, use the permissions of the parent layer's root directory as the permissions of the root directory of the new layer. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2021-02-23 18:25:56 -05:00 · 2021-02-23 18:25:56 -05:00 · 1a99a64422
parent c434673f89
commit 1a99a64422
1 changed files with 6 additions and 2 deletions
--- a/drivers/aufs/aufs.go
+++ b/drivers/aufs/aufs.go
@ -63,6 +63,8 @@ var (
 	enableDirperm     bool
 )

+const defaultPerms = os.FileMode(0555)
+
 func init() {
 	graphdriver.Register("aufs", Init)
 }
@ -312,20 +314,22 @@ func (a *Driver) createDirsFor(id, parent string) error {
 		"diff",
 	}

-	// Directory permission is 0755.
+	// Directory permission is 0555.
 	// The path of directories are <aufs_root_path>/mnt/<image_id>
 	// and <aufs_root_path>/diff/<image_id>
 	for _, p := range paths {
 		rootPair := idtools.NewIDMappingsFromMaps(a.uidMaps, a.gidMaps).RootPair()
+		rootPerms := defaultPerms
 		if parent != "" {
 			st, err := system.Stat(path.Join(a.rootPath(), p, parent))
 			if err != nil {
 				return err
 			}
+			rootPerms = os.FileMode(st.Mode())
 			rootPair.UID = int(st.UID())
 			rootPair.GID = int(st.GID())
 		}
-		if err := idtools.MkdirAllAndChownNew(path.Join(a.rootPath(), p, id), os.FileMode(0755), rootPair); err != nil {
+		if err := idtools.MkdirAllAndChownNew(path.Join(a.rootPath(), p, id), rootPerms, rootPair); err != nil {
 			return err
 		}
 	}