pkg/archive: Unpack() use 0755 permissions for missing directories

Commit edb62a3ace fixed a bug in MkdirAllAndChown()
that caused the specified permissions to not be applied correctly. As a result
of that bug, the configured umask would be applied.

When extracting archives, Unpack() used 0777 permissions when creating missing
parent directories for files that were extracted.
Before edb62a3ace, this resulted in actual
permissions of those directories to be 0755 on most configurations (using a
default 022 umask).

Creating these directories should not depend on the host's umask configuration.
This patch changes the permissions to 0755 to match the previous behavior,
and to reflect the original intent of using 0755 as default.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 25ada76437)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2021-02-12 18:00:28 +01:00
parent 5db18e0aba
commit 5d442b1cb7
No known key found for this signature in database
GPG key ID: 76698F39D527CE8C
2 changed files with 20 additions and 1 deletions

View file

@ -942,7 +942,7 @@ loop:
parent := filepath.Dir(hdr.Name)
parentPath := filepath.Join(dest, parent)
if _, err := os.Lstat(parentPath); err != nil && os.IsNotExist(err) {
err = idtools.MkdirAllAndChownNew(parentPath, 0777, rootIDs)
err = idtools.MkdirAllAndChownNew(parentPath, 0755, rootIDs)
if err != nil {
return err
}

View file

@ -3,6 +3,7 @@
package archive // import "github.com/docker/docker/pkg/archive"
import (
"archive/tar"
"bytes"
"fmt"
"io/ioutil"
@ -156,6 +157,24 @@ func TestTarWithHardLinkAndRebase(t *testing.T) {
assert.Check(t, is.Equal(i1, i2))
}
// TestUntarParentPathPermissions is a regression test to check that missing
// parent directories are created with the expected permissions
func TestUntarParentPathPermissions(t *testing.T) {
buf := &bytes.Buffer{}
w := tar.NewWriter(buf)
err := w.WriteHeader(&tar.Header{Name: "foo/bar"})
assert.NilError(t, err)
tmpDir, err := ioutil.TempDir("", t.Name())
assert.NilError(t, err)
defer os.RemoveAll(tmpDir)
err = Untar(buf, tmpDir, nil)
assert.NilError(t, err)
fi, err := os.Lstat(filepath.Join(tmpDir, "foo"))
assert.NilError(t, err)
assert.Equal(t, fi.Mode(), 0755|os.ModeDir)
}
func getNlink(path string) (uint64, error) {
stat, err := os.Stat(path)
if err != nil {