aboutsummaryrefslogtreecommitdiffstats
path: root/main
diff options
context:
space:
mode:
authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2018-04-18 15:13:51 +0300
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2018-04-30 00:34:20 +0300
commit481afcc49ce1c59c1f1cf8e8fd47a8bb254d7cc4 (patch)
tree3a079a8e349a545973621fba58b565fc6e760fd6 /main
parent5011922f47cfabc1128109a9c023af66bd72d73f (diff)
downloadaports-481afcc49ce1c59c1f1cf8e8fd47a8bb254d7cc4.tar.bz2
aports-481afcc49ce1c59c1f1cf8e8fd47a8bb254d7cc4.tar.xz
main/lxc: set umask for rootfs
Diffstat (limited to 'main')
-rw-r--r--main/lxc/0001-do_lxcapi_create-set-umask.patch41
-rw-r--r--main/lxc/APKBUILD7
2 files changed, 46 insertions, 2 deletions
diff --git a/main/lxc/0001-do_lxcapi_create-set-umask.patch b/main/lxc/0001-do_lxcapi_create-set-umask.patch
new file mode 100644
index 0000000000..050f3d844b
--- /dev/null
+++ b/main/lxc/0001-do_lxcapi_create-set-umask.patch
@@ -0,0 +1,41 @@
+From 4fc4df8ce71154eb45b7aa18b08b735d99e93eb8 Mon Sep 17 00:00:00 2001
+From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
+Date: Sun, 15 Apr 2018 14:50:28 +0300
+Subject: [PATCH] do_lxcapi_create: set umask
+
+---
+ src/lxc/lxccontainer.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
+index 5e8ad00f..0fe766e8 100644
+--- a/src/lxc/lxccontainer.c
++++ b/src/lxc/lxccontainer.c
+@@ -1605,6 +1605,7 @@ static bool do_lxcapi_create(struct lxc_container *c, const char *t,
+ char *const argv[])
+ {
+ bool ret = false;
++ mode_t mask;
+ pid_t pid;
+ char *tpath = NULL;
+ int partial_fd;
+@@ -1673,6 +1674,8 @@ static bool do_lxcapi_create(struct lxc_container *c, const char *t,
+
+ /* no need to get disk lock bc we have the partial locked */
+
++ mask = umask(0022);
++
+ /*
+ * Create the backing store
+ * Note we can't do this in the same task as we use to execute the
+@@ -1732,6 +1735,7 @@ static bool do_lxcapi_create(struct lxc_container *c, const char *t,
+ ret = load_config_locked(c, c->configfile);
+
+ out_unlock:
++ umask(mask);
+ if (partial_fd >= 0)
+ remove_partial(c, partial_fd);
+ out:
+--
+2.17.0
+
diff --git a/main/lxc/APKBUILD b/main/lxc/APKBUILD
index 185051c0be..86d198c23a 100644
--- a/main/lxc/APKBUILD
+++ b/main/lxc/APKBUILD
@@ -5,7 +5,7 @@
pkgname=lxc
pkgver=2.1.1
_pkgver=${pkgver/_rc/.rc}
-pkgrel=6
+pkgrel=7
pkgdesc="Userspace interface for the Linux kernel containment features"
url="https://linuxcontainers.org/lxc/"
arch="all"
@@ -13,12 +13,14 @@ license="GPL"
depends="gzip"
depends_dev="libcap-dev"
makedepends="$depends_dev lvm2 util-linux automake autoconf libtool lua5.3-dev
- linux-headers bash tar docbook2x libseccomp-dev python3-dev dnsmasq"
+ linux-headers bash tar docbook2x libseccomp-dev python3-dev dnsmasq
+ py3-setuptools"
options="suid"
subpackages="$pkgname-dev $pkgname-doc $pkgname-lvm::noarch lua5.3-lxc:_lua53
$pkgname-download:_download:noarch $pkgname-templates::noarch $pkgname-libs
py3-$pkgname:_py3 $pkgname-bridge::noarch $pkgname-bash-completion:bashcomp:noarch"
source="https://github.com/lxc/lxc/archive/lxc-$_pkgver.tar.gz
+ 0001-do_lxcapi_create-set-umask.patch
version.patch
lxc.initd
lxc.confd
@@ -158,6 +160,7 @@ bashcomp() {
}
sha512sums="205d30a8914013f3d31bdcae9786a13b6728ae0d3630f51c644f06e1e96d03631630569a0ce55764ff7b8ee1d1d4d723926fdb2b916396aea212d9c3040b45ab lxc-2.1.1.tar.gz
+029473d929e74c53f27982e713eae151e4b6c61635c4b38c16510b2fa996ea6ed96f29df131e9c58ab155631fc71eeb9cd5b46bcc051a99256c1dce4b0d4d7a5 0001-do_lxcapi_create-set-umask.patch
e2ffcbf55447291a8434a4f37255c3a6a119bc4116c75d205006aa2b070bf6be28535cf6107bead14bbf64bf9fa415346ab544bd1c15e1add7d1c6380e6b2def version.patch
b74ffe7c3e8f193265a90ffeb6e5743b1212bc1416b898e5a7e59ddd7f06fc77dc34e2dcbb3614038ac6222a95e2b9beb9f03ab734c991837203ab626b1b091f lxc.initd
91de43db5369a9e10102933514d674e9c875218a1ff2910dd882e5b9c308f9e430deacb13d1d7e0b2ed1ef682d0bb035aa6f8a6738f54fa2ca3a05acce04e467 lxc.confd