-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add --umask flag for create, run #7006
Conversation
49ebbe8
to
0c29264
Compare
session = podmanTest.Podman([]string{"create", "--umask", "9999", "--name", "bad", ALPINE}) | ||
session.WaitWithDefaultTimeout() | ||
Expect(session.ExitCode()).To(Not(Equal(0))) | ||
}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're testing both create and confirming with inspect in here which is good. It might make sense to also add a part of this to the inspect test too, even though it would be redundant. I'll let @mheon make the call there.
All kinds of test unhappiness @ashley-cui |
6dbb789
to
42bef7c
Compare
The random tests are blowing up with |
This looks like there is something wrong with the runtime-tools vendor, that is causing this issue.
|
@ashley-cui I think you might want
|
@rhatdan already updated :) the runtime-tools i vendored in myself, so it might be a vendoring error caused by me.. |
@@ -435,6 +435,9 @@ type ContainerConfig struct { | |||
// Timezone is the timezone inside the container. | |||
// Local means it has the same timezone as the host machine | |||
Timezone string `json:"timezone,omitempty"` | |||
|
|||
// Umask is the umask inside the container. | |||
Umask string `json:"umask,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why are we storing this as a string? We should use whatever type the OCI spec uses - probably an int? Parsing should be done when we set the umask.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The value is actually an octal. Storing it as an int, may make it hard to convert and hard to view in inspect.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yep, it's a octal representing a bitmap. setting umask to 0022 would actually show up as 18 if stored as an int. i got stuck on this for a good hour or two when implementing LOL
inspect.WaitWithDefaultTimeout() | ||
data := inspect.InspectContainerToJSON() | ||
Expect(len(data)).To(Equal(1)) | ||
Expect(data[0].Config.Umask).To(Equal("0022")) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Coud you add a test for
podman run --umask 0077 fedora umask
And make sure it outputs 0077
ac042a1
to
6caa6c1
Compare
I'm unable to reproduce locally the system tests that are failing but I confirmed that umask doesn't work on ubuntu at all. Any pointers on how to proceed? @rhatdan |
The system-test failures look suspiciously like something I may have introduced in #6958 - probably a bad interaction with a missing-cleanup bug in one of the integration tests. PR in progress. The umask-on-ubuntu issue looks real though. FW(little)IW my guess is it's runc vs crun. |
@edsantiago thanks! any idea who i should talk to about the ubuntu stuff? |
#7026 should fix the system-test flake. I'm sorry, I have no experience with Ubuntu and no idea how to investigate there. If you want to look into crun vs runc, you can reboot a Fedora system into cgroups v1 mode by booting with |
ce51a2e
to
c6bb490
Compare
|
||
session = podmanTest.Podman([]string{"run", "--umask", "9999", "--rm", ALPINE, "sh", "-c", "umask"}) | ||
session.WaitWithDefaultTimeout() | ||
Expect(session.ExitCode()).To(Not(Equal(0))) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ed's standard rant: it's important to check error messages, not just error codes:
Expect(session.ErrorToString()).To(ContainSubstring("Invalid umask"))
Without that, the test could be failing for infinite unrelated reasons: too often a misspelled option or command name yields the expected nonzero exit status, but the test isn't actually testing anything.
Aside from that, lgtm. Nice set of tests.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds good, will keep in mind for future tests too :)
--umask sets the umask inside the container Defaults to 0022 Co-authored-by: Daniel J Walsh <[email protected]> Signed-off-by: Ashley Cui <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ashley-cui, giuseppe The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/lgtm |
--umask sets the umask inside the container
Defaults to 0022
Replaces #6946
Co-authored-by: Daniel J Walsh [email protected]
Signed-off-by: Ashley Cui [email protected]