From da73a772da79a11e382979c9ab324fe0ef382175 Mon Sep 17 00:00:00 2001
From: Adrian Reber
Date: Sat, 14 Dec 2024 09:36:37 +0000
Subject: [PATCH] Create directories with 700 and not 644

checkpointctl was creating directories with 644 which broke usage when running as non-root as checkpointctl was not able to access the directories it created itself. Switching to 700 fixes it. This comes with a test to verify that checkpointctl works as non-root.

Signed-off-by: Adrian Reber
---
 internal/container.go | 2 +-
 test/checkpointctl.bats | 27 +++++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/internal/container.go b/internal/container.go
index 791785d5..72cb2918 100644
--- a/internal/container.go
+++ b/internal/container.go
@@ -244,7 +244,7 @@ func UntarFiles(src, dest string, files []string) error {
 for _, file := range files {
 if strings.Contains(header.Name, file) {
 // Create the destination folder
- if err := os.MkdirAll(filepath.Join(dest, filepath.Dir(header.Name)), 0o644); err != nil {
+ if err := os.MkdirAll(filepath.Join(dest, filepath.Dir(header.Name)), 0o700); err != nil {
 return err
 }
 // Create the destination file
diff --git a/test/checkpointctl.bats b/test/checkpointctl.bats
index b9499209..ac5593a7 100644
--- a/test/checkpointctl.bats
+++ b/test/checkpointctl.bats
@@ -17,11 +17,13 @@ function checkpointctl() {
 function setup() {
 TEST_TMP_DIR1=$(mktemp -d)
 TEST_TMP_DIR2=$(mktemp -d)
+ NON_ROOT_TMP1=$(sudo -u 'nobody' mktemp -d)
 }
 
 function teardown() {
 [ "$TEST_TMP_DIR1" != "" ] && rm -rf "$TEST_TMP_DIR1"
 [ "$TEST_TMP_DIR2" != "" ] && rm -rf "$TEST_TMP_DIR2"
+ [ "$NON_ROOT_TMP1" != "" ] && rm -rf "$NON_ROOT_TMP1"
 }
 
 @test "Run checkpointctl" {
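Review bot: The directory created here is `filepath.Join(dest, filepath.Dir(header.Name))`, and `header.Name` comes from the archive, so a name containing `..` elements would resolve outside `dest`; the mode change does not affect that. Unless a check already exists outside this hunk, reject such entries before the `MkdirAll`, e.g. `if !filepath.IsLocal(header.Name) { return fmt.Errorf("archive entry %q escapes destination", header.Name) }` (`filepath.IsLocal` needs Go 1.20+). A short comment on the changed line could also state that `0o700` applies only to directories `MkdirAll` actually creates and is further reduced by the umask, so pre-existing directories keep their mode. `UntarFiles` starts and ends outside the hunk.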
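Review bot: `setup()` now runs `sudo -u 'nobody' mktemp -d` before every test in the file, so a host without non-interactive sudo or without a `nobody` account affects the whole suite rather than only the one non-root test. Creating the directory inside the non-root test, or guarding that test with something like `command -v sudo >/dev/null || skip "sudo not available"`, would keep the dependency local. In `teardown()`, `rm -rf "$NON_ROOT_TMP1"` runs as the invoking user against a directory owned by `nobody`, so it presumably only cleans up when the suite runs as root; a comment saying the suite expects root would make that explicit.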
@@ -301,6 +303,31 @@ function teardown() {
 [[ ${lines[10]} == *"piggie/piggie"* ]]
 }
 
+@test "Run checkpointctl inspect with tar file and --ps-tree-cmd as non-root" {
+ if [ "$CHECKPOINTCTL" == "../checkpointctl.coverage" ]; then
+ skip "non-root test cannot access the coverage directory"
+ fi
+ cp data/config.dump \
+ data/spec.dump "$TEST_TMP_DIR1"
+ mkdir "$TEST_TMP_DIR1"/checkpoint
+ cp test-imgs/pstree.img \
+ test-imgs/core-*.img \
+ test-imgs/pagemap-*.img \
+ test-imgs/pages-*.img \
+ test-imgs/mm-*.img "$TEST_TMP_DIR1"/checkpoint
+ ( cd "$TEST_TMP_DIR1" && tar cf "$NON_ROOT_TMP1"/test.tar . )
+ chmod 644 "$NON_ROOT_TMP1"/test.tar
+ NON_ROOT_BIN=$(mktemp)
+ cp "$CHECKPOINTCTL" "$NON_ROOT_BIN"
+ chmod 755 "$NON_ROOT_BIN"
+ run sudo -u 'nobody' "$NON_ROOT_BIN" inspect "$NON_ROOT_TMP1"/test.tar --ps-tree-cmd
+ echo "$output"
+ rm -f "$NON_ROOT_BIN"
+ [ "$status" -eq 0 ]
+ [[ ${lines[9]} == *"Process tree"* ]]
+ [[ ${lines[10]} == *"piggie/piggie"* ]]
+}
+
 @test "Run checkpointctl inspect with tar file and --ps-tree-cmd and missing pages-*.img" {
 cp data/config.dump \
 data/spec.dump "$TEST_TMP_DIR1"
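Review bot: The copied binary in `NON_ROOT_BIN` is removed only after `run`, so if `cp "$CHECKPOINTCTL" "$NON_ROOT_BIN"` or `chmod 755` fails first, the test aborts and a world-executable file is left in the temp directory. Moving the cleanup into `teardown()` as `[ "$NON_ROOT_BIN" != "" ] && rm -f "$NON_ROOT_BIN"` covers that path. The `tar cf "$NON_ROOT_TMP1"/test.tar` step writes into a directory owned by `nobody`, so the test likely passes only when the suite itself runs as root; a guard such as `[ "$(id -u)" -eq 0 ] || skip "needs root to write into the nobody-owned directory"` would make that explicit. A one-line comment above the two `chmod` calls, e.g. `# nobody must be able to read the archive and execute the copied binary`, would explain the widened permissions.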