mirror of
https://github.com/NVIDIA/nvidia-container-toolkit
synced 2024-11-22 16:29:18 +00:00
nvidia-ctk hook chmod: Ignore permission errors
In some cases we might get a permission error trying to chmod - most likely this is due to something beyond our control like whole `/dev` being mounted. Do not fail container creation in this case. Due to loosing control of the program after `exec()`-ing `chmod(1)` program and therefore not being able to handle errors - refactor to use `chmod(2)` syscall instead of `exec()` `chmod(1)` program. Fixes: #143 Signed-off-by: Ievgen Popovych <jmennius@gmail.com>
This commit is contained in:
parent
f1d32f2cd3
commit
eb35d9b30a
@ -17,16 +17,15 @@
|
|||||||
package chmod
|
package chmod
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/fs"
|
"io/fs"
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"syscall"
|
|
||||||
|
|
||||||
"github.com/NVIDIA/nvidia-container-toolkit/internal/logger"
|
"github.com/NVIDIA/nvidia-container-toolkit/internal/logger"
|
||||||
"github.com/NVIDIA/nvidia-container-toolkit/internal/lookup"
|
|
||||||
"github.com/NVIDIA/nvidia-container-toolkit/internal/oci"
|
"github.com/NVIDIA/nvidia-container-toolkit/internal/oci"
|
||||||
"github.com/urfave/cli/v2"
|
"github.com/urfave/cli/v2"
|
||||||
)
|
)
|
||||||
@ -126,17 +125,16 @@ func (m command) run(c *cli.Context, cfg *config) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
locator := lookup.NewExecutableLocator(m.logger, "")
|
for _, path := range paths {
|
||||||
targets, err := locator.Locate("chmod")
|
err = os.Chmod(path, desiredMode)
|
||||||
if err != nil {
|
// in some cases this is not an issue (e.g. whole /dev mounted), see #143
|
||||||
return fmt.Errorf("failed to locate chmod: %v", err)
|
if errors.Is(err, fs.ErrPermission) {
|
||||||
|
m.logger.Debugf("Ignoring permission error with chmod: %v", err)
|
||||||
|
err = nil
|
||||||
|
}
|
||||||
}
|
}
|
||||||
chmodPath := targets[0]
|
|
||||||
|
|
||||||
args := append([]string{filepath.Base(chmodPath), cfg.mode}, paths...)
|
return err
|
||||||
|
|
||||||
//nolint:gosec // TODO: Can we harden this so that there is less risk of command injection
|
|
||||||
return syscall.Exec(chmodPath, args, nil)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// getPaths updates the specified paths relative to the root.
|
// getPaths updates the specified paths relative to the root.
|
||||||
|
Loading…
Reference in New Issue
Block a user