From 9b206072faa0511eea65f243d36226248c0a098f Mon Sep 17 00:00:00 2001
From: Ophestra
Date: Sat, 28 Dec 2024 14:39:01 +0900
Subject: [PATCH] cmd/fshim: ensure data directory

Ensuring home directory in shim causes the directory to be owned by the target user.

Signed-off-by: Ophestra
---
 cmd/fshim/ipc/payload.go | 2 ++
 cmd/fshim/main.go | 15 +++++++++++++++
 internal/app/start.go | 1 +
 3 files changed, 18 insertions(+)

diff --git a/cmd/fshim/ipc/payload.go b/cmd/fshim/ipc/payload.go
index 3ef2dac..92e51e8 100644
--- a/cmd/fshim/ipc/payload.go
+++ b/cmd/fshim/ipc/payload.go
@@ -13,6 +13,8 @@ type Payload struct {
 Exec [2]string
 // bwrap config
 Bwrap *bwrap.Config
+ // path to outer home directory
+ Home string
 // sync fd
 Sync *uintptr
 
diff --git a/cmd/fshim/main.go b/cmd/fshim/main.go
index 6b27122..5aece38 100644
--- a/cmd/fshim/main.go
+++ b/cmd/fshim/main.go
@@ -81,6 +81,21 @@ func main() {
 // not fatal
 }
 
+ // ensure home directory as target user
+ if s, err := os.Stat(payload.Home); err != nil {
+ if os.IsNotExist(err) {
+ if err = os.Mkdir(payload.Home, 0700); err != nil {
+ fmsg.Fatalf("cannot create home directory: %v", err)
+ }
+ } else {
+ fmsg.Fatalf("cannot access home directory: %v", err)
+ }
+
+ // home directory is created, proceed
+ } else if !s.IsDir() {
+ fmsg.Fatalf("data path %q is not a directory", payload.Home)
+ }
+
 var ic init0.Payload
 
 // resolve argv0
diff --git a/internal/app/start.go b/internal/app/start.go
index 3736abd..cc13181 100644
--- a/internal/app/start.go
+++ b/internal/app/start.go
@@ -49,6 +49,7 @@ func (a *app) Start() error {
 Argv: a.seal.command,
 Exec: shimExec,
 Bwrap: a.seal.sys.bwrap,
+ Home: a.seal.sys.user.data,
 Verbose: fmsg.Verbose(),
 },
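Review bot: The Stat-then-Mkdir sequence in the new main.go block has a window between the two calls: if the directory appears in between, `os.Mkdir` fails with EEXIST and the shim aborts with "cannot create home directory" although the path is now a usable directory. Calling `os.Mkdir` first and treating `os.IsExist(err)` as the already-exists case removes the race and one syscall, leaving the Stat only to validate a pre-existing path. Note that `os.Stat` follows symlinks, so a symlink at payload.Home that resolves to a directory passes the `IsDir` check; that is acceptable when the parent directory is controlled by the caller, but it deserves a comment, and `os.Lstat` would reject it if that is not guaranteed. The `// home directory is created, proceed` comment sits after the else branch rather than after the Mkdir and can be dropped, and the "data path" wording of the last message differs from the "home directory" wording of the other two; the enclosing main() starts and ends outside the hunk.
```go
	// ensure home directory as target user; create first so a concurrent
	// creation is not reported as a failure
	if err := os.Mkdir(payload.Home, 0700); err != nil {
		if !os.IsExist(err) {
			fmsg.Fatalf("cannot create home directory: %v", err)
		}
		// path already exists, make sure it is a directory
		if s, err := os.Stat(payload.Home); err != nil {
			fmsg.Fatalf("cannot access home directory: %v", err)
		} else if !s.IsDir() {
			fmsg.Fatalf("home directory %q is not a directory", payload.Home)
		}
	}
	// … unchanged: init0.Payload setup, argv0 resolution …
```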