Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
docker.29914
0001-SECRETS-daemon-allow-directory-creation-in...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch of Package docker.29914
From 2e2fdee74ce8572ff90f213a444ece63248fa01c Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <asarai@suse.de> Date: Wed, 8 Mar 2017 12:41:54 +1100 Subject: [PATCH 1/4] SECRETS: daemon: allow directory creation in /run/secrets Since FileMode can have the directory bit set, allow a SecretStore implementation to return secrets that are actually directories. This is useful for creating directories and subdirectories of secrets. Signed-off-by: Antonio Murdaca <runcom@redhat.com> Signed-off-by: Aleksa Sarai <asarai@suse.de> --- daemon/container_operations_unix.go | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go index 290ec59a34a7..b7013fb89c83 100644 --- a/daemon/container_operations_unix.go +++ b/daemon/container_operations_unix.go @@ -4,6 +4,7 @@ package daemon // import "github.com/docker/docker/daemon" import ( + "bytes" "fmt" "os" "path/filepath" @@ -14,6 +15,7 @@ import ( "github.com/docker/docker/daemon/links" "github.com/docker/docker/errdefs" "github.com/docker/docker/libnetwork" + "github.com/docker/docker/pkg/archive" "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/process" "github.com/docker/docker/pkg/stringid" @@ -206,9 +208,6 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { if err != nil { return errors.Wrap(err, "unable to get secret from secret store") } - if err := os.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil { - return errors.Wrap(err, "error injecting secret") - } uid, err := strconv.Atoi(s.File.UID) if err != nil { @@ -219,6 +218,24 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { return err } + if s.File.Mode.IsDir() { + if err := os.Mkdir(fPath, s.File.Mode); err != nil { + return errors.Wrap(err, "error creating secretdir") + } + if secret.Spec.Data != nil { + // If the "file" is a directory, then s.File.Data is actually a tar + // archive of the directory. So we just do a tar extraction here. + if err := archive.UntarUncompressed(bytes.NewBuffer(secret.Spec.Data), fPath, &archive.TarOptions{ + IDMap: daemon.idMapping, + }); err != nil { + return errors.Wrap(err, "error injecting secretdir") + } + } + } else { + if err := os.WriteFile(fPath, secret.Spec.Data, s.File.Mode); err != nil { + return errors.Wrap(err, "error injecting secret") + } + } if err := os.Chown(fPath, rootIDs.UID+uid, rootIDs.GID+gid); err != nil { return errors.Wrap(err, "error setting ownership for secret") } -- 2.40.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor