|
@@ -756,10 +756,8 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
|
|
|
return nil, fmt.Errorf("Unable to get the full path to the TempDir (%s): %s", tmp, err)
|
|
|
}
|
|
|
if isWindows {
|
|
|
- if _, err := os.Stat(realTmp); err != nil && os.IsNotExist(err) {
|
|
|
- if err := system.MkdirAll(realTmp, 0700); err != nil {
|
|
|
- return nil, fmt.Errorf("Unable to create the TempDir (%s): %s", realTmp, err)
|
|
|
- }
|
|
|
+ if err := system.MkdirAll(realTmp, 0); err != nil {
|
|
|
+ return nil, fmt.Errorf("Unable to create the TempDir (%s): %s", realTmp, err)
|
|
|
}
|
|
|
os.Setenv("TEMP", realTmp)
|
|
|
os.Setenv("TMP", realTmp)
|
|
@@ -813,7 +811,7 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
|
|
|
}
|
|
|
|
|
|
daemonRepo := filepath.Join(config.Root, "containers")
|
|
|
- if err := idtools.MkdirAllAndChown(daemonRepo, 0710, idtools.Identity{
|
|
|
+ if err := idtools.MkdirAllAndChown(daemonRepo, 0o710, idtools.Identity{
|
|
|
UID: idtools.CurrentIdentity().UID,
|
|
|
GID: rootIDs.GID,
|
|
|
}); err != nil {
|
|
@@ -822,8 +820,7 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
|
|
|
|
|
|
// Create the directory where we'll store the runtime scripts (i.e. in
|
|
|
// order to support runtimeArgs)
|
|
|
- daemonRuntimes := filepath.Join(config.Root, "runtimes")
|
|
|
- if err := system.MkdirAll(daemonRuntimes, 0700); err != nil {
|
|
|
+ if err = os.Mkdir(filepath.Join(config.Root, "runtimes"), 0o700); err != nil && !errors.Is(err, os.ErrExist) {
|
|
|
return nil, err
|
|
|
}
|
|
|
if err := d.loadRuntimes(); err != nil {
|
|
@@ -831,7 +828,10 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
|
|
|
}
|
|
|
|
|
|
if isWindows {
|
|
|
- if err := system.MkdirAll(filepath.Join(config.Root, "credentialspecs"), 0); err != nil {
|
|
|
+ // Note that permissions (0o700) are ignored on Windows; passing them to
|
|
|
+ // show intent only. We could consider using idtools.MkdirAndChown here
|
|
|
+ // to apply an ACL.
|
|
|
+ if err = os.Mkdir(filepath.Join(config.Root, "credentialspecs"), 0o700); err != nil && !errors.Is(err, os.ErrExist) {
|
|
|
return nil, err
|
|
|
}
|
|
|
}
|
|
@@ -1068,7 +1068,7 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
|
|
|
if err != nil {
|
|
|
return nil, err
|
|
|
}
|
|
|
- if err = system.MkdirAll(filepath.Join(config.Root, "trust"), 0700); err != nil {
|
|
|
+ if err = os.Mkdir(filepath.Join(config.Root, "trust"), 0o700); err != nil && !errors.Is(err, os.ErrExist) {
|
|
|
return nil, err
|
|
|
}
|
|
|
}
|
|
@@ -1345,7 +1345,7 @@ func prepareTempDir(rootDir string) (string, error) {
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
- return tmpDir, idtools.MkdirAllAndChown(tmpDir, 0700, idtools.CurrentIdentity())
|
|
|
+ return tmpDir, idtools.MkdirAllAndChown(tmpDir, 0o700, idtools.CurrentIdentity())
|
|
|
}
|
|
|
|
|
|
func (daemon *Daemon) setGenericResources(conf *config.Config) error {
|