hub / github.com/opencontainers/runc / MkdirAllInRoot

Function MkdirAllInRoot

internal/pathrs/mkdirall_pathrslite.go:50–72

MkdirAllInRoot attempts to make

    path, _ := securejoin.SecureJoin(root.Name(), unsafePath)
    os.MkdirAll(path, mode)
    os.Open(path)

safer against attacks where components in the path are changed between SecureJoin returning and MkdirAll (or Open) being called. In particular, we try to detect any sy

(root *os.File, unsafePath string, mode os.FileMode)

Source from the content-addressed store, hash-verified

// needed for a lot of runc callers and fixing this would require reworking a
// lot of path logic).
func MkdirAllInRoot(root *os.File, unsafePath string, mode os.FileMode) (*os.File, error) {
	unsafePath, err := hallucinateUnsafePath(root.Name(), unsafePath)
	if err != nil {
		return nil, fmt.Errorf("failed to construct hallucinated target path: %w", err)
	}

	// Check for any silly mode bits.
	if mode&^0o7777 != 0 {
		return nil, fmt.Errorf("tried to include non-mode bits in MkdirAll mode: 0o%.3o", mode)
	}
	// Linux (and thus os.MkdirAll) silently ignores the suid and sgid bits if
	// passed. While it would make sense to return an error in that case (since
	// the user has asked for a mode that won't be applied), for compatibility
	// reasons we have to ignore these bits.
	if ignoredBits := mode &^ 0o1777; ignoredBits != 0 {
		logrus.Warnf("MkdirAll called with no-op mode bits that are ignored by Linux: 0o%.3o", ignoredBits)
		mode &= 0o1777
	}

	return retryEAGAIN(func() (*os.File, error) {
		return pathrs.MkdirAllHandle(root, unsafePath, mode)
	})
}

Callers 4

mountCgroupV1 · Function · 0.92
createOpenMountpoint · Method · 0.92
mountToRootfs · Function · 0.92
MkdirAllParentInRoot · Function · 0.85

Calls 2

hallucinateUnsafePath · Function · 0.85
retryEAGAIN · Function · 0.85

Tested by

no test coverage detected
