Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Only open save output file with WRONLY #12408

Merged
merged 1 commit into from
Nov 30, 2021

Conversation

rhatdan
Copy link
Member

@rhatdan rhatdan commented Nov 24, 2021

The previous code fails on a MAC when opening /dev/stdout

Fixes: #12402

[NO NEW TESTS NEEDED] No easy way to test this.

Signed-off-by: Daniel J Walsh dwalsh@redhat.com

What this PR does / why we need it:

How to verify it

Which issue(s) this PR fixes:

Special notes for your reviewer:

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 24, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rhatdan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 24, 2021
@rhatdan
Copy link
Member Author

rhatdan commented Nov 24, 2021

@vrothberg @mtrmac @xandris PTAL

Copy link
Collaborator

@mtrmac mtrmac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, it’s the Create above that needs to be changed AFAICS.

(changing that Open(, which is only used to read data for, O_WRONLY can’t work anyway, AFAICS.)


Please have someone with a working Podman on Mac to test this, as well…

@rhatdan
Copy link
Member Author

rhatdan commented Nov 25, 2021

@mtrmac Better.

@mtrmac
Copy link
Collaborator

mtrmac commented Nov 25, 2021

Yes, this is what I think is going wrong and how to fix it, but please wait for a confirmation from someone who has Podman remote actually set up.

@rhatdan
Copy link
Member Author

rhatdan commented Nov 25, 2021

I think this is only podman on a MAC too, correct. I could not get this to fail on Linux.

@mtrmac
Copy link
Collaborator

mtrmac commented Nov 25, 2021

It might be possible to reproduce on Linux using something like

touch output;
chmod 0200 output # u=w,u-r
podman save $other-args -o output # Must be podman-remote!

where the -o output is new, to prevent triggering the (Linux-only)

pipePath, cleanup, err := setupPipe()
code. But that’s just reading the code, I could easily be missing something.

@xandris
Copy link

xandris commented Nov 25, 2021

Works for me. I checked out this branch, built it, and ran it on my Mac, comparing the behavior to the Homebrew-installed version:

❯ ./bin/darwin/podman save centos:7 | sha256sum
08129aca6f66e3aa07368ffb8576e6612b67bd1ca624a7fd155d03aa9608ee8a  -
❯ podman save centos:7 | sha256sum
Error: open /dev/stdout: permission denied

@@ -270,7 +270,7 @@ func (ir *ImageEngine) Save(ctx context.Context, nameOrID string, tags []string,
defer func() { _ = os.Remove(f.Name()) }()
}
default:
f, err = os.Create(opts.Output)
f, err = os.OpenFile(opts.Output, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add a comment here that this mode is important.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, could you explain to me why? Or what should be in the comment?

   default:
	// This code was added to allow for opening stdout use on MAC. The mode 0644 is important.
	f, err = os.OpenFile(opts.Output, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
}

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I mean the flags os.O_WRONLY. If someone has to rework this they might not think about it and change it back to os.Create() for example.
Maybe adding a link to the issue would help

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, I will write that.

The previous code fails on a MAC when opening /dev/stdout

Fixes: containers#12402

[NO NEW TESTS NEEDED] No easy way to test this.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Copy link
Member

@vrothberg vrothberg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, nice work!

@Luap99
Copy link
Member

Luap99 commented Nov 30, 2021

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Nov 30, 2021
@openshift-merge-robot openshift-merge-robot merged commit 8de68b1 into containers:main Nov 30, 2021
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 22, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 22, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

podman image save results in Error: open /dev/stdout: permission denied
6 participants