Merge pull request #154 from adrianreber/2024-12-14-755

Create directories with 700 and not 644
checkpoint-restore · Dec 14, 2024 · 15dd6b5 · 15dd6b5
2 parents 8a3ffb9 + da73a77
commit 15dd6b5
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 1 deletion.
diff --git a/internal/container.go b/internal/container.go
@@ -244,7 +244,7 @@ func UntarFiles(src, dest string, files []string) error {
 		for _, file := range files {
 			if strings.Contains(header.Name, file) {
 				// Create the destination folder
-				if err := os.MkdirAll(filepath.Join(dest, filepath.Dir(header.Name)), 0o644); err != nil {
+				if err := os.MkdirAll(filepath.Join(dest, filepath.Dir(header.Name)), 0o700); err != nil {
 					return err
 				}
 				// Create the destination file

diff --git a/test/checkpointctl.bats b/test/checkpointctl.bats
@@ -17,11 +17,13 @@ function checkpointctl() {
 function setup() {
 	TEST_TMP_DIR1=$(mktemp -d)
 	TEST_TMP_DIR2=$(mktemp -d)
+	NON_ROOT_TMP1=$(sudo -u 'nobody' mktemp -d)
 }
 
 function teardown() {
 	[ "$TEST_TMP_DIR1" != "" ] && rm -rf "$TEST_TMP_DIR1"
 	[ "$TEST_TMP_DIR2" != "" ] && rm -rf "$TEST_TMP_DIR2"
+	[ "$NON_ROOT_TMP1" != "" ] && rm -rf "$NON_ROOT_TMP1"
 }
 
 @test "Run checkpointctl" {
@@ -301,6 +303,31 @@ function teardown() {
 	[[ ${lines[10]} == *"piggie/piggie"* ]]
 }
 
+@test "Run checkpointctl inspect with tar file and --ps-tree-cmd as non-root" {
+	if [ "$CHECKPOINTCTL"  == "../checkpointctl.coverage" ]; then
+		skip "non-root test cannot access the coverage directory"
+	fi
+	cp data/config.dump \
+		data/spec.dump "$TEST_TMP_DIR1"
+	mkdir "$TEST_TMP_DIR1"/checkpoint
+	cp test-imgs/pstree.img \
+		test-imgs/core-*.img \
+		test-imgs/pagemap-*.img \
+		test-imgs/pages-*.img \
+		test-imgs/mm-*.img "$TEST_TMP_DIR1"/checkpoint
+	( cd "$TEST_TMP_DIR1" && tar cf "$NON_ROOT_TMP1"/test.tar . )
+	chmod 644 "$NON_ROOT_TMP1"/test.tar
+	NON_ROOT_BIN=$(mktemp)
+	cp "$CHECKPOINTCTL" "$NON_ROOT_BIN"
+	chmod 755 "$NON_ROOT_BIN"
+	run sudo -u 'nobody' "$NON_ROOT_BIN" inspect "$NON_ROOT_TMP1"/test.tar --ps-tree-cmd
+	echo "$output"
+	rm -f "$NON_ROOT_BIN"
+	[ "$status" -eq 0 ]
+	[[ ${lines[9]} == *"Process tree"* ]]
+	[[ ${lines[10]} == *"piggie/piggie"* ]]
+}
+
 @test "Run checkpointctl inspect with tar file and --ps-tree-cmd and missing pages-*.img" {
 	cp data/config.dump \
 		data/spec.dump "$TEST_TMP_DIR1"