MCPcopy
hub / github.com/containerd/containerd / traversePath

Function traversePath

integration/pod_userns_linux_test.go:98–127  ·  view source on GitHub ↗

traversePath gives 755 permissions for all elements in tPath below os.TempDir() and errors out if elements above it don't have read+exec permissions for others. tPath MUST be a descendant of os.TempDir(). The path returned by testing.TempDir() usually is.

(tPath string)

Source from the content-addressed store, hash-verified

96// permissions for others. tPath MUST be a descendant of os.TempDir(). The path
97// returned by testing.TempDir() usually is.
98func traversePath(tPath string) error {
99 // Check the assumption that the argument is under os.TempDir().
100 tempBase := os.TempDir()
101 if !strings.HasPrefix(tPath, tempBase) {
102 return fmt.Errorf("traversePath: %q is not a descendant of %q", tPath, tempBase)
103 }
104
105 var path string
106 for _, p := range strings.SplitAfter(tPath, "/") {
107 path = path + p
108 stats, err := os.Stat(path)
109 if err != nil {
110 return err
111 }
112
113 perm := stats.Mode().Perm()
114 if perm&0o5 == 0o5 {
115 continue
116 }
117 if strings.HasPrefix(tempBase, path) {
118 return fmt.Errorf("traversePath: directory %q MUST have read+exec permissions for others", path)
119 }
120
121 if err := os.Chmod(path, perm|0o755); err != nil {
122 return err
123 }
124 }
125
126 return nil
127}
128
129func TestPodUserNS(t *testing.T) {
130 containerID := uint32(0)

Callers 1

TestPodUserNSFunction · 0.85

Calls 2

StatMethod · 0.65
ModeMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…