Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

e2e: Avoid hard-coding ImageCacheDir #17243

Merged
merged 1 commit into from
Jan 30, 2023
Merged

e2e: Avoid hard-coding ImageCacheDir #17243

merged 1 commit into from
Jan 30, 2023

Conversation

sstosh
Copy link
Contributor

@sstosh sstosh commented Jan 27, 2023
edited
Loading

  • ImageCacheDir is hard-coded as "/tmp/podman/imagecachedir".
    To avoid this hard-coding, I changed it to "os.TempDir()/imagecachedir".

  • Change ImageCacheDir permissions from 0777 to 0700.
    This directory should be used by per-user.

Signed-off-by: Toshiki Sonoda sonoda.toshiki@fujitsu.com

Related to #17089

Does this PR introduce a user-facing change?

None

rhatdan
rhatdan reviewed Jan 27, 2023
View reviewed changes
test/e2e/common_test.go Outdated
@@ -103,6 +103,7 @@ func TestLibpod(t *testing.T) {

var _ = SynchronizedBeforeSuite(func() []byte {
// make cache dir
ImageCacheDir = filepath.Join(os.TempDir(), "imagecachedir")
if err := os.MkdirAll(ImageCacheDir, 0777); err != nil {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The permissions on this directory seems to be too loose. I don't think we should allow different users on the system to share the ImageCacheDir, since it could be an attack route to attack each other.
This should be per user.

Copy link
Contributor Author

@sstosh sstosh Jan 30, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change ImageCacheDir permissions from 0777 to 0700 .
As far as I can see, this change is no ploblem.

@sstosh sstosh force-pushed the e2e-imagecachedir branch 2 times, most recently from 881d41c to 97a684f Compare January 27, 2023 12:24
@rhatdan
Copy link
Member

rhatdan commented Jan 27, 2023

Needs a rebase.

@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jan 27, 2023
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jan 30, 2023
@sstosh
e2e: Avoid hard-coding ImageCacheDir
2682d3a 
- ImageCacheDir is hard-coded as "/tmp/podman/imagecachedir".
To avoid this hard-coding, I changed it to "os.TempDir()/imagecachedir".

- Change ImageCacheDir permissions from 0777 to 0700.
This directory should be used by per-user.

Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
@rhatdan
Copy link
Member

rhatdan commented Jan 30, 2023

/approve
LGTM
@edsantiago @containers/podman-maintainers PTAL

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 30, 2023
Luap99
Luap99 requested changes Jan 30, 2023
View reviewed changes
Copy link
Member

@Luap99 Luap99 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Luap99
Luap99 approved these changes Jan 30, 2023
View reviewed changes
Copy link
Member

@Luap99 Luap99 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry wrong button, LGTM

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jan 30, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Luap99, rhatdan, sstosh

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@rhatdan
Copy link
Member

rhatdan commented Jan 30, 2023

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jan 30, 2023
edsantiago
edsantiago reviewed Jan 30, 2023
View reviewed changes
test/e2e/config.go

// ImageCacheDir is initialized at runtime.
// e.g., filepath.Join(os.TempDir(), "imagecachedir")
// This directory should be used by per-user.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is technically not true, but oh well, too late

@openshift-merge-robot openshift-merge-robot merged commit 929d03a into containers:main Jan 30, 2023
@sstosh sstosh deleted the e2e-imagecachedir branch January 30, 2023 14:22
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 13, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 13, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@edsantiago edsantiago edsantiago left review comments

@rhatdan rhatdan rhatdan left review comments

@Luap99 Luap99 Luap99 approved these changes

Assignees

@rhatdan rhatdan

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. release-note-none
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@sstosh @rhatdan @edsantiago @Luap99 @openshift-merge-robot