chown: restore SUID and SGID bits

be sure the SUID and SGID bits are not lost when we do a chown. Closes: containers/podman#1526 Signed-off-by: Giuseppe Scrivano <[email protected]>
containers · Sep 25, 2018 · 2df72f3 · 2df72f3
1 parent 1d49427
commit 2df72f3
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/drivers/chown_unix.go b/drivers/chown_unix.go
@@ -45,10 +45,20 @@ func platformLChown(path string, info os.FileInfo, toHost, toContainer *idtools.
 			uid, gid = mappedPair.UID, mappedPair.GID
 		}
 		if uid != int(st.Uid) || gid != int(st.Gid) {
+			stat, err := os.Lstat(path)
+			if err != nil {
+				return fmt.Errorf("%s: lstat(%q): %v", os.Args[0], path, err)
+			}
 			// Make the change.
 			if err := syscall.Lchown(path, uid, gid); err != nil {
 				return fmt.Errorf("%s: chown(%q): %v", os.Args[0], path, err)
 			}
+			// Restore the SUID and SGID bits if they were originally set.
+			if (stat.Mode()&os.ModeSymlink == 0) && stat.Mode()&(os.ModeSetuid|os.ModeSetgid) != 0 {
+				if err := os.Chmod(path, stat.Mode()); err != nil {
+					return fmt.Errorf("%s: chmod(%q): %v", os.Args[0], path, err)
+				}
+			}
 		}
 	}
 	return nil