sandbox: set mkdir perm

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-24 12:45:19 +09:00
parent 0eb1bc6301
commit 40f00d570e
4 changed files with 39 additions and 25 deletions
--- a/sandbox/mount.go
+++ b/sandbox/mount.go
@@ -101,7 +101,7 @@ func remountWithFlags(n *vfs.MountInfoNode, mf uintptr) error {

 func mountTmpfs(fsname, name string, size int, perm os.FileMode) error {
 	target := toSysroot(name)
-	if err := os.MkdirAll(target, perm); err != nil {
+	if err := os.MkdirAll(target, parentPerm(perm)); err != nil {
 		return msg.WrapErr(err, err.Error())
 	}
 	opt := fmt.Sprintf("mode=%#o", perm)
@@ -112,3 +112,14 @@ func mountTmpfs(fsname, name string, size int, perm os.FileMode) error {
 		syscall.MS_NOSUID|syscall.MS_NODEV, opt),
 		fmt.Sprintf("cannot mount tmpfs on %q:", name))
 }
+
+func parentPerm(perm os.FileMode) os.FileMode {
+	pperm := 0755
+	if perm&0070 == 0 {
+		pperm &= ^0050
+	}
+	if perm&0007 == 0 {
+		pperm &= ^0005
+	}
+	return os.FileMode(pperm)
+}