Allow spec file permisions to be specified

Signed-off-by: Evan Lezar <elezar@nvidia.com>
2024-11-22 00:08:11 +00:00 · 2023-05-02 16:27:50 +02:00 · 2023-05-02 16:27:50 +02:00 · 367a30827f
commit 367a30827f
parent fe8ef9e0bd
2 changed files with 23 additions and 3 deletions
--- a/pkg/nvcdi/spec/builder.go
+++ b/pkg/nvcdi/spec/builder.go
@ -18,6 +18,7 @@ package spec

 import (
 	"fmt"
+	"os"

 	"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/transform"
 	"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
@ -33,6 +34,7 @@ type builder struct {
 	edits       specs.ContainerEdits
 	format      string
 	noSimplify  bool
+	permissions os.FileMode
 }

 // newBuilder creates a new spec builder with the supplied options
@ -60,7 +62,9 @@ func newBuilder(opts ...Option) *builder {
 	if s.format == "" {
 		s.format = FormatYAML
 	}
-
+	if s.permissions == 0 {
+		s.permissions = 0600
+	}
 	return s
 }

@ -157,3 +161,10 @@ func WithRawSpec(raw *specs.Spec) Option {
 		o.raw = raw
 	}
 }
+
+// WithPermissions sets the permissions for the generated spec file
+func WithPermissions(permissions os.FileMode) Option {
+	return func(o *builder) {
+		o.permissions = permissions
+	}
+}
--- a/pkg/nvcdi/spec/spec.go
+++ b/pkg/nvcdi/spec/spec.go
@ -28,7 +28,8 @@ import (

 type spec struct {
 	*specs.Spec
-	format string
+	format      string
+	permissions os.FileMode
 }

 var _ Interface = (*spec)(nil)
@ -51,7 +52,15 @@ func (s *spec) Save(path string) error {
 		cdi.WithSpecDirs(specDir),
 	)

-	return registry.SpecDB().WriteSpec(s.Raw(), filepath.Base(path))
+	if err := registry.SpecDB().WriteSpec(s.Raw(), filepath.Base(path)); err != nil {
+		return fmt.Errorf("failed to write spec: %w", err)
+	}
+
+	if err := os.Chmod(path, s.permissions); err != nil {
+		return fmt.Errorf("failed to set permissions on spec file: %w", err)
+	}
+
+	return nil
 }

 // WriteTo writes the spec to the specified writer.