Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
| ... | ... |
@@ -212,7 +212,8 @@ issues: |
| 212 | 212 |
linters: |
| 213 | 213 |
- staticcheck |
| 214 | 214 |
|
| 215 |
- - text: "SA1019: idtools\\.(CurrentIdentity|ToUserIdentityMapping|FromUserIdentityMapping|IDMap|MkdirAndChown|MkdirAllAndChown|MkdirAllAndChownNew) is deprecated" |
|
| 215 |
+ # FIXME(thaJeztah): ignoring these transitional utilities until BuildKit is vendored with https://github.com/moby/moby/pull/49743 |
|
| 216 |
+ - text: "SA1019: idtools\\.(ToUserIdentityMapping|FromUserIdentityMapping) is deprecated" |
|
| 216 | 217 |
linters: |
| 217 | 218 |
- staticcheck |
| 218 | 219 |
|
| ... | ... |
@@ -39,6 +39,7 @@ import ( |
| 39 | 39 |
"github.com/moby/sys/atomicwriter" |
| 40 | 40 |
"github.com/moby/sys/signal" |
| 41 | 41 |
"github.com/moby/sys/symlink" |
| 42 |
+ "github.com/moby/sys/user" |
|
| 42 | 43 |
ocispec "github.com/opencontainers/image-spec/specs-go/v1" |
| 43 | 44 |
"github.com/pkg/errors" |
| 44 | 45 |
"go.opentelemetry.io/otel" |
| ... | ... |
@@ -331,7 +332,7 @@ func (container *Container) SetupWorkingDirectory(rootIdentity idtools.Identity) |
| 331 | 331 |
return err |
| 332 | 332 |
} |
| 333 | 333 |
|
| 334 |
- if err := idtools.MkdirAllAndChownNew(pth, 0o755, rootIdentity); err != nil {
|
|
| 334 |
+ if err := user.MkdirAllAndChown(pth, 0o755, rootIdentity.UID, rootIdentity.GID, user.WithOnlyNew); err != nil {
|
|
| 335 | 335 |
pthInfo, err2 := os.Stat(pth) |
| 336 | 336 |
if err2 == nil && pthInfo != nil && !pthInfo.IsDir() {
|
| 337 | 337 |
return errors.Errorf("Cannot mkdir: %s is not a directory", container.Config.WorkingDir)
|
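Review bot: The call on new line 334 passes `user.WithOnlyNew` without a comment, so a reader cannot tell that only the path components created by this call are chowned to `rootIdentity.UID`/`rootIdentity.GID`, while directories that already exist keep their current owner and mode. That distinction matters when the root identity is remapped, so I would add `// Only chown directories created here; pre-existing path components keep their ownership.` above the call. The same applies to the two calls in `Setup` in the init-layer file and to the call in `MountPoint.Setup`. `SetupWorkingDirectory` starts and ends outside this hunk.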
| ... | ... |
@@ -8,6 +8,7 @@ import ( |
| 8 | 8 |
"strings" |
| 9 | 9 |
|
| 10 | 10 |
"github.com/docker/docker/pkg/idtools" |
| 11 |
+ "github.com/moby/sys/user" |
|
| 11 | 12 |
"golang.org/x/sys/unix" |
| 12 | 13 |
) |
| 13 | 14 |
|
| ... | ... |
@@ -41,12 +42,12 @@ func Setup(initLayerFs string, rootIdentity idtools.Identity) error {
|
| 41 | 41 |
|
| 42 | 42 |
if _, err := os.Stat(filepath.Join(initLayer, pth)); err != nil {
|
| 43 | 43 |
if os.IsNotExist(err) {
|
| 44 |
- if err := idtools.MkdirAllAndChownNew(filepath.Join(initLayer, filepath.Dir(pth)), 0o755, rootIdentity); err != nil {
|
|
| 44 |
+ if err := user.MkdirAllAndChown(filepath.Join(initLayer, filepath.Dir(pth)), 0o755, rootIdentity.UID, rootIdentity.GID, user.WithOnlyNew); err != nil {
|
|
| 45 | 45 |
return err |
| 46 | 46 |
} |
| 47 | 47 |
switch typ {
|
| 48 | 48 |
case "dir": |
| 49 |
- if err := idtools.MkdirAllAndChownNew(filepath.Join(initLayer, pth), 0o755, rootIdentity); err != nil {
|
|
| 49 |
+ if err := user.MkdirAllAndChown(filepath.Join(initLayer, pth), 0o755, rootIdentity.UID, rootIdentity.GID, user.WithOnlyNew); err != nil {
|
|
| 50 | 50 |
return err |
| 51 | 51 |
} |
| 52 | 52 |
case "file": |
| ... | ... |
@@ -12,7 +12,7 @@ import ( |
| 12 | 12 |
"github.com/containerd/containerd/v2/pkg/cio" |
| 13 | 13 |
"github.com/containerd/log" |
| 14 | 14 |
libcontainerdtypes "github.com/docker/docker/libcontainerd/types" |
| 15 |
- "github.com/docker/docker/pkg/idtools" |
|
| 15 |
+ "github.com/moby/sys/user" |
|
| 16 | 16 |
"github.com/opencontainers/runtime-spec/specs-go" |
| 17 | 17 |
) |
| 18 | 18 |
|
| ... | ... |
@@ -59,7 +59,7 @@ func WithBundle(bundleDir string, ociSpec *specs.Spec) containerd.NewContainerOp |
| 59 | 59 |
uid, gid := getSpecUser(ociSpec) |
| 60 | 60 |
if uid == 0 && gid == 0 {
|
| 61 | 61 |
c.Labels[DockerContainerBundlePath] = bundleDir |
| 62 |
- return idtools.MkdirAllAndChownNew(bundleDir, 0o755, idtools.Identity{UID: 0, GID: 0})
|
|
| 62 |
+ return user.MkdirAllAndChown(bundleDir, 0o755, uid, gid, user.WithOnlyNew) |
|
| 63 | 63 |
} |
| 64 | 64 |
|
| 65 | 65 |
p := string(filepath.Separator) |
| ... | ... |
@@ -72,7 +72,7 @@ func WithBundle(bundleDir string, ociSpec *specs.Spec) containerd.NewContainerOp |
| 72 | 72 |
} |
| 73 | 73 |
if os.IsNotExist(err) || fi.Mode()&1 == 0 {
|
| 74 | 74 |
p = fmt.Sprintf("%s.%d.%d", p, uid, gid)
|
| 75 |
- if err := idtools.MkdirAndChown(p, 0o700, idtools.Identity{UID: uid, GID: gid}); err != nil && !os.IsExist(err) {
|
|
| 75 |
+ if err := user.MkdirAndChown(p, 0o700, uid, gid); err != nil && !os.IsExist(err) {
|
|
| 76 | 76 |
return err |
| 77 | 77 |
} |
| 78 | 78 |
} |
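Review bot: On new line 62 the bundle directory is chowned to `uid, gid` instead of a literal root identity, so its ownership is correct only because of the enclosing `if uid == 0 && gid == 0` guard. If that condition is ever relaxed, a directory created with mode 0o755 would silently go to whatever user the spec names. I would keep the intent explicit: `return user.MkdirAllAndChown(bundleDir, 0o755, 0, 0, user.WithOnlyNew)`. `WithBundle` continues outside both hunks.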
| ... | ... |
@@ -20,6 +20,7 @@ import ( |
| 20 | 20 |
"github.com/docker/docker/quota" |
| 21 | 21 |
"github.com/docker/docker/volume" |
| 22 | 22 |
"github.com/moby/sys/atomicwriter" |
| 23 |
+ "github.com/moby/sys/user" |
|
| 23 | 24 |
"github.com/pkg/errors" |
| 24 | 25 |
) |
| 25 | 26 |
|
| ... | ... |
@@ -52,12 +53,13 @@ type activeMount struct {
|
| 52 | 52 |
// volumes. The base path is created here if it does not exist. |
| 53 | 53 |
func New(scope string, rootIdentity idtools.Identity) (*Root, error) {
|
| 54 | 54 |
r := &Root{
|
| 55 |
- path: filepath.Join(scope, volumesPathName), |
|
| 56 |
- volumes: make(map[string]*localVolume), |
|
| 57 |
- rootIdentity: rootIdentity, |
|
| 55 |
+ path: filepath.Join(scope, volumesPathName), |
|
| 56 |
+ volumes: make(map[string]*localVolume), |
|
| 57 |
+ rootUID: rootIdentity.UID, |
|
| 58 |
+ rootGID: rootIdentity.GID, |
|
| 58 | 59 |
} |
| 59 | 60 |
|
| 60 |
- if err := idtools.MkdirAllAndChown(r.path, 0o701, idtools.CurrentIdentity()); err != nil {
|
|
| 61 |
+ if err := user.MkdirAllAndChown(r.path, 0o701, os.Getuid(), os.Getegid()); err != nil {
|
|
| 61 | 62 |
return nil, err |
| 62 | 63 |
} |
| 63 | 64 |
|
| ... | ... |
@@ -106,11 +108,12 @@ func New(scope string, rootIdentity idtools.Identity) (*Root, error) {
|
| 106 | 106 |
// manages the creation/removal of volumes. It uses only standard vfs |
| 107 | 107 |
// commands to create/remove dirs within its provided scope. |
| 108 | 108 |
type Root struct {
|
| 109 |
- m sync.Mutex |
|
| 110 |
- path string |
|
| 111 |
- quotaCtl *quota.Control |
|
| 112 |
- volumes map[string]*localVolume |
|
| 113 |
- rootIdentity idtools.Identity |
|
| 109 |
+ m sync.Mutex |
|
| 110 |
+ path string |
|
| 111 |
+ quotaCtl *quota.Control |
|
| 112 |
+ volumes map[string]*localVolume |
|
| 113 |
+ rootUID int |
|
| 114 |
+ rootGID int |
|
| 114 | 115 |
} |
| 115 | 116 |
|
| 116 | 117 |
// List lists all the volumes |
| ... | ... |
@@ -157,12 +160,12 @@ func (r *Root) Create(name string, opts map[string]string) (volume.Volume, error |
| 157 | 157 |
} |
| 158 | 158 |
|
| 159 | 159 |
// Root dir does not need to be accessed by the remapped root |
| 160 |
- if err := idtools.MkdirAllAndChown(v.rootPath, 0o701, idtools.CurrentIdentity()); err != nil {
|
|
| 160 |
+ if err := user.MkdirAllAndChown(v.rootPath, 0o701, os.Getuid(), os.Getegid()); err != nil {
|
|
| 161 | 161 |
return nil, errors.Wrapf(errdefs.System(err), "error while creating volume root path '%s'", v.rootPath) |
| 162 | 162 |
} |
| 163 | 163 |
|
| 164 | 164 |
// Remapped root does need access to the data path |
| 165 |
- if err := idtools.MkdirAllAndChown(v.path, 0o755, r.rootIdentity); err != nil {
|
|
| 165 |
+ if err := user.MkdirAllAndChown(v.path, 0o755, r.rootUID, r.rootGID); err != nil {
|
|
| 166 | 166 |
return nil, errors.Wrapf(errdefs.System(err), "error while creating volume data path '%s'", v.path) |
| 167 | 167 |
} |
| 168 | 168 |
|
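Review bot: New lines 61 and 160 pair `os.Getuid()` (the real UID) with `os.Getegid()` (the effective GID). This looks carried over from the removed `idtools.CurrentIdentity()` helper, whose body is not visible here, so please confirm. Now that the mix is inlined at the call sites, the 0o701 volume root directories would get a real/effective combination as owner if the two ever differ for the daemon process. Either use `os.Geteuid(), os.Getegid()` or add a comment such as `// real UID + effective GID, kept for parity with idtools.CurrentIdentity` so the asymmetry is visibly intentional. `New` and `Create` both extend beyond their hunks.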
| ... | ... |
@@ -14,6 +14,7 @@ import ( |
| 14 | 14 |
"github.com/docker/docker/pkg/idtools" |
| 15 | 15 |
"github.com/docker/docker/pkg/stringid" |
| 16 | 16 |
"github.com/docker/docker/volume" |
| 17 |
+ "github.com/moby/sys/user" |
|
| 17 | 18 |
"github.com/opencontainers/selinux/go-selinux/label" |
| 18 | 19 |
"github.com/pkg/errors" |
| 19 | 20 |
) |
| ... | ... |
@@ -247,9 +248,9 @@ func (m *MountPoint) Setup(ctx context.Context, mountLabel string, rootIDs idtoo |
| 247 | 247 |
} |
| 248 | 248 |
} |
| 249 | 249 |
|
| 250 |
- // idtools.MkdirAllNewAs() produces an error if m.Source exists and is a file (not a directory) |
|
| 250 |
+ // user.MkdirAllAndChown produces an error if m.Source exists and is a file (not a directory) |
|
| 251 | 251 |
// also, makes sure that if the directory is created, the correct remapped rootUID/rootGID will own it |
| 252 |
- if err := idtools.MkdirAllAndChownNew(m.Source, 0o755, rootIDs); err != nil {
|
|
| 252 |
+ if err := user.MkdirAllAndChown(m.Source, 0o755, rootIDs.UID, rootIDs.GID, user.WithOnlyNew); err != nil {
|
|
| 253 | 253 |
if perr, ok := err.(*os.PathError); ok {
|
| 254 | 254 |
if perr.Err != syscall.ENOTDIR {
|
| 255 | 255 |
return "", noCleanup, errors.Wrapf(err, "error while creating mount source path '%s'", m.Source) |
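Review bot: The ENOTDIR handling after the call on new line 252 still relies on `err.(*os.PathError)` and `perr.Err != syscall.ENOTDIR`, which only matches if `user.MkdirAllAndChown` returns an unwrapped `*os.PathError`. The error now comes from a different package, so any wrapping there would bypass the visible check. What happens to an error that is not a `*os.PathError` lies outside the hunk. Consider matching with `errors.As` into a `*os.PathError` and `errors.Is(err, syscall.ENOTDIR)`. The file imports `github.com/pkg/errors` as `errors`, so confirm the vendored version provides them or use the standard library.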