containers
/
storage
mirror of https://github.com/containers/storage.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1947 from cgwalters/chunked-cloexec 

chunked: Set O_CLOEXEC
This commit is contained in:
openshift-merge-bot[bot] 2024-06-05 14:33:28 +00:00 committed by GitHub
parent c923593d5d 661531fb0d
commit 663f6e7c3e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
pkg/chunked/storage_linux.go
View File

@ -375,13 +375,13 @@ func makeCopyBuffer() []byte {
// dirfd is an open file descriptor to the destination root directory. // dirfd is an open file descriptor to the destination root directory.
// useHardLinks defines whether the deduplication can be performed using hard links. // useHardLinks defines whether the deduplication can be performed using hard links.
func copyFileFromOtherLayer(file *fileMetadata, source string, name string, dirfd int, useHardLinks bool) (bool, *os.File, int64, error) { func copyFileFromOtherLayer(file *fileMetadata, source string, name string, dirfd int, useHardLinks bool) (bool, *os.File, int64, error) {
srcDirfd, err := unix.Open(source, unix.O_RDONLY, 0) srcDirfd, err := unix.Open(source, unix.O_RDONLY|unix.O_CLOEXEC, 0)
if err != nil { if err != nil {
return false, nil, 0, fmt.Errorf("open source file: %w", err) return false, nil, 0, fmt.Errorf("open source file: %w", err)
} }
defer unix.Close(srcDirfd) defer unix.Close(srcDirfd)
srcFile, err := openFileUnderRoot(name, srcDirfd, unix.O_RDONLY, 0) srcFile, err := openFileUnderRoot(name, srcDirfd, unix.O_RDONLY|syscall.O_CLOEXEC, 0)
if err != nil { if err != nil {
return false, nil, 0, fmt.Errorf("open source file under target rootfs (%s): %w", name, err) return false, nil, 0, fmt.Errorf("open source file under target rootfs (%s): %w", name, err)
} }
@ -476,7 +476,7 @@ func findFileInOSTreeRepos(file *fileMetadata, ostreeRepos []string, dirfd int,
if st.Size() != file.Size { if st.Size() != file.Size {
continue continue
} }
fd, err := unix.Open(sourceFile, unix.O_RDONLY|unix.O_NONBLOCK, 0) fd, err := unix.Open(sourceFile, unix.O_RDONLY|unix.O_NONBLOCK|unix.O_CLOEXEC, 0)
if err != nil { if err != nil {
logrus.Debugf("could not open sourceFile %s: %v", sourceFile, err) logrus.Debugf("could not open sourceFile %s: %v", sourceFile, err)
return false, nil, 0, nil return false, nil, 0, nil
@ -585,13 +585,13 @@ type missingPart struct {
} }
func (o *originFile) OpenFile() (io.ReadCloser, error) { func (o *originFile) OpenFile() (io.ReadCloser, error) {
srcDirfd, err := unix.Open(o.Root, unix.O_RDONLY, 0) srcDirfd, err := unix.Open(o.Root, unix.O_RDONLY|unix.O_CLOEXEC, 0)
if err != nil { if err != nil {
return nil, fmt.Errorf("open source file: %w", err) return nil, fmt.Errorf("open source file: %w", err)
} }
defer unix.Close(srcDirfd) defer unix.Close(srcDirfd)
srcFile, err := openFileUnderRoot(o.Path, srcDirfd, unix.O_RDONLY, 0) srcFile, err := openFileUnderRoot(o.Path, srcDirfd, unix.O_RDONLY|unix.O_CLOEXEC, 0)
if err != nil { if err != nil {
return nil, fmt.Errorf("open source file under target rootfs: %w", err) return nil, fmt.Errorf("open source file under target rootfs: %w", err)
} }
@ -720,7 +720,7 @@ func openFileUnderRootFallback(dirfd int, name string, flags uint64, mode os.Fil
root = newRoot root = newRoot
} }
parentDirfd, err := unix.Open(root, unix.O_PATH, 0) parentDirfd, err := unix.Open(root, unix.O_PATH|unix.O_CLOEXEC, 0)
if err != nil { if err != nil {
return -1, err return -1, err
} }
@ -1797,7 +1797,7 @@ func (c *chunkedDiffer) ApplyDiff(dest string, options *archive.TarOptions, diff
} }
} }
dirfd, err := unix.Open(dest, unix.O_RDONLY|unix.O_PATH, 0) dirfd, err := unix.Open(dest, unix.O_RDONLY|unix.O_PATH|unix.O_CLOEXEC, 0)
if err != nil { if err != nil {
return output, fmt.Errorf("cannot open %q: %w", dest, err) return output, fmt.Errorf("cannot open %q: %w", dest, err)
} }
@ -2167,13 +2167,13 @@ func (c *chunkedDiffer) mergeTocEntries(fileType compressedFileType, entries []i
// validateChunkChecksum checks if the file at $root/$path[offset:chunk.ChunkSize] has the // validateChunkChecksum checks if the file at $root/$path[offset:chunk.ChunkSize] has the
// same digest as chunk.ChunkDigest // same digest as chunk.ChunkDigest
func validateChunkChecksum(chunk *internal.FileMetadata, root, path string, offset int64, copyBuffer []byte) bool { func validateChunkChecksum(chunk *internal.FileMetadata, root, path string, offset int64, copyBuffer []byte) bool {
parentDirfd, err := unix.Open(root, unix.O_PATH, 0) parentDirfd, err := unix.Open(root, unix.O_PATH|unix.O_CLOEXEC, 0)
if err != nil { if err != nil {
return false return false
} }
defer unix.Close(parentDirfd) defer unix.Close(parentDirfd)
fd, err := openFileUnderRoot(path, parentDirfd, unix.O_RDONLY, 0) fd, err := openFileUnderRoot(path, parentDirfd, unix.O_RDONLY|unix.O_CLOEXEC, 0)
if err != nil { if err != nil {
return false return false
} }