a6d2ba2fd1
When the overlay driver (and some others) tries to access the directories for the relevant layers it uses faccessat syscall (in fileutils.Exists() fileutils.Lexists()). The syscall is missing the AT_EACCESS flag and so permissions to access the files are determined solely on the uid. This error happens when we run with a user that has the correct capabilities to access the file (e.g cap_dac_override) but the file permissions don't allow the specific user. This commit adds the AT_EACCESS flag to the faccessat syscall in Exists() and Lexists() functions to ensure that they will be able to verify file existence based on the effective user. Signed-off-by: Shahar Liberman <shahar.liberman@wiz.io> |
||
|---|---|---|
| .. | ||
| exists_freebsd.go | ||
| exists_test.go | ||
| exists_unix.go | ||
| exists_windows.go | ||
| fileutils.go | ||
| fileutils_darwin.go | ||
| fileutils_solaris.go | ||
| fileutils_test.go | ||
| fileutils_unix.go | ||
| fileutils_windows.go | ||
| reflink_linux.go | ||
| reflink_unsupported.go | ||