proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-13 10:45:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

security: fix too wide or inconsistent non-owner permissions

Browse Source 
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
This commit is contained in:
2xsec 2018-09-19 14:30:12 +09:00
parent ee3d71040d
commit e581b9b5f2
No known key found for this signature in database
GPG Key ID: 0BE2750EE612F372
3 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/lxc/conf.c
View File

@ -1778,10 +1778,10 @@ static int lxc_setup_dev_console(const struct lxc_rootfs *rootfs,
return -errno;
}
ret = fchmod(console->slave, S_IXUSR | S_IXGRP | S_IXOTH);
ret = fchmod(console->slave, S_IXUSR | S_IXGRP);
if (ret < 0) {
SYSERROR("Failed to set mode \"0%o\" to \"%s\"",
S_IXUSR | S_IXGRP | S_IXOTH, console->name);
S_IXUSR | S_IXGRP, console->name);
return -errno;
}
@ -1848,10 +1848,10 @@ static int lxc_setup_ttydir_console(const struct lxc_rootfs *rootfs,
return -errno;
}
ret = fchmod(console->slave, S_IXUSR | S_IXGRP | S_IXOTH);
ret = fchmod(console->slave, S_IXUSR | S_IXGRP);
if (ret < 0) {
SYSERROR("Failed to set mode \"0%o\" to \"%s\"",
S_IXUSR | S_IXGRP | S_IXOTH, console->name);
S_IXUSR | S_IXGRP, console->name);
return -errno;
}

4
src/lxc/lxccontainer.c
View File

@ -2639,7 +2639,7 @@ static bool do_lxcapi_save_config(struct lxc_container *c, const char *alt_file)
return false;
fd = open(alt_file, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC,
S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
if (fd < 0)
goto on_error;
@ -3841,7 +3841,7 @@ static struct lxc_container *do_lxcapi_clone(struct lxc_container *c, const char
}
fd = open(newpath, O_WRONLY | O_CREAT | O_CLOEXEC,
S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
if (fd < 0) {
SYSERROR("Failed to open \"%s\"", newpath);
goto out;

4
src/lxc/tools/lxc_unshare.c
View File

@ -249,7 +249,7 @@ static void lxc_setup_fs(void)
/* if /dev has been populated by us, /dev/shm does not exist */
if (access("/dev/shm", F_OK))
(void)mkdir("/dev/shm", 0777);
(void)mkdir("/dev/shm", 0770);
/* if we can't mount /dev/shm, continue anyway */
(void)mount_fs("shmfs", "/dev/shm", "tmpfs");
@ -257,7 +257,7 @@ static void lxc_setup_fs(void)
/* If we were able to mount /dev/shm, then /dev exists */
/* Sure, but it's read-only per config :) */
if (access("/dev/mqueue", F_OK))
(void)mkdir("/dev/mqueue", 0666);
(void)mkdir("/dev/mqueue", 0660);
/* continue even without posix message queue support */
(void)mount_fs("mqueue", "/dev/mqueue", "mqueue");