prepareBundleDirectoryPermissions prepares the permissions of the bundle directory according to the needs of the current platform. On Linux when user namespaces are enabled, the permissions are modified to allow the remapped root GID to access the bundle.
(path string, spec []byte)
| 28 | // On Linux when user namespaces are enabled, the permissions are modified to |
| 29 | // allow the remapped root GID to access the bundle. |
| 30 | func prepareBundleDirectoryPermissions(path string, spec []byte) error { |
| 31 | gid, err := remappedGID(spec) |
| 32 | if err != nil { |
| 33 | return err |
| 34 | } |
| 35 | if gid == 0 { |
| 36 | return nil |
| 37 | } |
| 38 | if err := os.Chown(path, -1, int(gid)); err != nil { |
| 39 | return err |
| 40 | } |
| 41 | return os.Chmod(path, 0710) |
| 42 | } |
| 43 | |
| 44 | // ociSpecUserNS is a subset of specs.Spec used to reduce garbage during |
| 45 | // unmarshal. |
no test coverage detected
searching dependent graphs…