traversePath gives 755 permissions for all elements in tPath below os.TempDir() and errors out if elements above it don't have read+exec permissions for others. tPath MUST be a descendant of os.TempDir(). The path returned by testing.TempDir() usually is.
(tPath string)
| 96 | // permissions for others. tPath MUST be a descendant of os.TempDir(). The path |
| 97 | // returned by testing.TempDir() usually is. |
| 98 | func traversePath(tPath string) error { |
| 99 | // Check the assumption that the argument is under os.TempDir(). |
| 100 | tempBase := os.TempDir() |
| 101 | if !strings.HasPrefix(tPath, tempBase) { |
| 102 | return fmt.Errorf("traversePath: %q is not a descendant of %q", tPath, tempBase) |
| 103 | } |
| 104 | |
| 105 | var path string |
| 106 | for _, p := range strings.SplitAfter(tPath, "/") { |
| 107 | path = path + p |
| 108 | stats, err := os.Stat(path) |
| 109 | if err != nil { |
| 110 | return err |
| 111 | } |
| 112 | |
| 113 | perm := stats.Mode().Perm() |
| 114 | if perm&0o5 == 0o5 { |
| 115 | continue |
| 116 | } |
| 117 | if strings.HasPrefix(tempBase, path) { |
| 118 | return fmt.Errorf("traversePath: directory %q MUST have read+exec permissions for others", path) |
| 119 | } |
| 120 | |
| 121 | if err := os.Chmod(path, perm|0o755); err != nil { |
| 122 | return err |
| 123 | } |
| 124 | } |
| 125 | |
| 126 | return nil |
| 127 | } |
| 128 | |
| 129 | func TestPodUserNS(t *testing.T) { |
| 130 | containerID := uint32(0) |
no test coverage detected
searching dependent graphs…