diff --git a/pkg/archive/archive_linux_test.go b/pkg/archive/archive_linux_test.go
index efff0dddcf..640929298f 100644
--- a/pkg/archive/archive_linux_test.go
+++ b/pkg/archive/archive_linux_test.go
@@ -86,9 +86,8 @@ func checkFileMode(t *testing.T, path string, perm os.FileMode) {
 }
 func TestOverlayTarUntar(t *testing.T) {
- oldmask, err := system.Umask(0)
- assert.NilError(t, err)
- defer system.Umask(oldmask)
+ restore := overrideUmask(0)
+ defer restore()
 src, err := os.MkdirTemp("", "docker-test-overlay-tar-src")
 assert.NilError(t, err)
@@ -125,9 +124,8 @@ func TestOverlayTarUntar(t *testing.T) {
 }
 func TestOverlayTarAUFSUntar(t *testing.T) {
- oldmask, err := system.Umask(0)
- assert.NilError(t, err)
- defer system.Umask(oldmask)
+ restore := overrideUmask(0)
+ defer restore()
 src, err := os.MkdirTemp("", "docker-test-overlay-tar-src")
 assert.NilError(t, err)
diff --git a/pkg/archive/diff.go b/pkg/archive/diff.go
index 62409d827e..8eeccb608b 100644
--- a/pkg/archive/diff.go
+++ b/pkg/archive/diff.go
@@ -229,13 +229,8 @@ func applyLayerHandler(dest string, layer io.Reader, options *TarOptions, decomp
 dest = filepath.Clean(dest)
 // We need to be able to set any perms
- if runtime.GOOS != "windows" {
- oldmask, err := system.Umask(0)
- if err != nil {
- return 0, err
- }
- defer system.Umask(oldmask)
- }
+ restore := overrideUmask(0)
+ defer restore()
 if decompress {
 decompLayer, err := DecompressStream(layer)
diff --git a/pkg/archive/diff_unix.go b/pkg/archive/diff_unix.go
new file mode 100644
index 0000000000..d7f806445e
--- /dev/null
+++ b/pkg/archive/diff_unix.go
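Review bot: In pkg/archive/diff.go, the `overrideUmask(0)` call in applyLayerHandler leaves the process umask at 0 until the function returns, and the surviving comment `// We need to be able to set any perms` does not say that the change is process-wide. If this runs inside a long-lived, multi-goroutine process (not visible from the hunk), any file another goroutine creates during layer extraction is created without the usual mask. I would extend the comment, e.g. `// umask is process-wide: it stays 0 until applyLayerHandler returns, so unrelated file creation in this process is unmasked meanwhile`. applyLayerHandler starts and ends outside the hunk, so the length of that window cannot be judged from here.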
@@ -0,0 +1,22 @@
+//go:build !windows
+// +build !windows
+
+package archive
+
+import "golang.org/x/sys/unix"
+
+// overrideUmask sets current process's file mode creation mask to newmask
+// and returns a function to restore it.
+//
+// WARNING for readers stumbling upon this code. Changing umask in a multi-
+// threaded environment isn't safe. Don't use this without understanding the
+// risks, and don't export this function for others to use (we shouldn't even
+// be using this ourself).
+//
+// FIXME(thaJeztah): we should get rid of these hacks if possible.
+func overrideUmask(newMask int) func() {
+ oldMask := unix.Umask(newMask)
+ return func() {
+ unix.Umask(oldMask)
+ }
+}
diff --git a/pkg/archive/diff_windows.go b/pkg/archive/diff_windows.go
new file mode 100644
index 0000000000..d28f5b2dfd
--- /dev/null
+++ b/pkg/archive/diff_windows.go
@@ -0,0 +1,6 @@
+package archive
+
+// overrideUmask is a no-op on windows.
+func overrideUmask(newmask int) func() {
+ return func() {}
+}
diff --git a/pkg/chrootarchive/diff_unix.go b/pkg/chrootarchive/diff_unix.go
index e1bf74d1d5..fcc02f675e 100644
--- a/pkg/chrootarchive/diff_unix.go
+++ b/pkg/chrootarchive/diff_unix.go
@@ -16,7 +16,7 @@ import (
 "github.com/containerd/containerd/pkg/userns"
 "github.com/docker/docker/pkg/archive"
 "github.com/docker/docker/pkg/reexec"
- "github.com/docker/docker/pkg/system"
+ "golang.org/x/sys/unix"
 )
 type applyLayerResponse struct {
@@ -42,11 +42,8 @@ func applyLayer() {
 }
 // We need to be able to set any perms
- oldmask, err := system.Umask(0)
- defer system.Umask(oldmask)
- if err != nil {
- fatal(err)
- }
+ oldmask := unix.Umask(0)
+ defer unix.Umask(oldmask)
 if err := json.Unmarshal([]byte(os.Getenv("OPT")), &options); err != nil {
 fatal(err)
diff --git a/pkg/system/umask.go b/pkg/system/umask.go
deleted file mode 100644
index d4a15cbedc..0000000000
--- a/pkg/system/umask.go
+++ /dev/null
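Review bot: In pkg/archive/diff_unix.go, the closure returned by `overrideUmask` writes back whatever `unix.Umask(newMask)` returned, so overlapping callers can leave the process at the overridden mask permanently: a second caller that starts while the first is still active saves 0 as its `oldMask`, and if its restore runs last the original mask is never reinstated. Whether applyLayerHandler can run concurrently is not visible in this diff, but the doc comment's multi-threading warning does not mention this failure mode. Either serialise the override, e.g. a package-level `var umaskMu sync.Mutex` with `umaskMu.Lock()` before `unix.Umask(newMask)` and `umaskMu.Unlock()` at the end of the restore closure, or state in the comment that calls must not overlap. The parameter is also spelled `newMask` here but `newmask` in diff_windows.go and in the doc comment.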
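Review bot: In pkg/chrootarchive/diff_unix.go, `defer unix.Umask(oldmask)` in applyLayer only runs if the function returns normally; the error paths visible in the hunk call `fatal(err)`, which presumably exits without running deferred calls (its definition is outside this diff). That is likely harmless if applyLayer is the body of a short-lived re-exec child, as the `reexec` import suggests, but then the restore does little and the comment should say so, e.g. `// umask(0) for the lifetime of this helper process; the restore only matters on a normal return`. applyLayer continues past the end of the hunk.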
@@ -1,14 +0,0 @@
-//go:build !windows
-// +build !windows
-
-package system // import "github.com/docker/docker/pkg/system"
-
-import (
- "golang.org/x/sys/unix"
-)
-
-// Umask sets current process's file mode creation mask to newmask
-// and returns oldmask.
-func Umask(newmask int) (oldmask int, err error) {
- return unix.Umask(newmask), nil
-}
diff --git a/pkg/system/umask_windows.go b/pkg/system/umask_windows.go
deleted file mode 100644
index fc62388c38..0000000000
--- a/pkg/system/umask_windows.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package system // import "github.com/docker/docker/pkg/system"
-
-// Umask is not supported on the windows platform.
-func Umask(newmask int) (oldmask int, err error) {
- // should not be called on cli code path
- return 0, ErrNotSupportedPlatform
-}