Skip to content

Commit

Permalink
merge branch 'pr-2141'
Browse files Browse the repository at this point in the history 
Radostin Stoyanov (1):
  criu: Ensure other users cannot read c/r files

LGTMs: @crosbymichael @cyphar
Closes opencontainers#2141
  • Loading branch information
@cyphar
cyphar committed Dec 6, 2019
2 parents e1b5af0 + a610a84 commit 201b063
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions libcontainer/container_linux.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -940,15 +940,15 @@ func (c *linuxContainer) Checkpoint(criuOpts *CriuOpts) error {

// Since a container can be C/R'ed multiple times,
// the checkpoint directory may already exist.
if err := os.Mkdir(criuOpts.ImagesDirectory, 0755); err != nil && !os.IsExist(err) {
if err := os.Mkdir(criuOpts.ImagesDirectory, 0700); err != nil && !os.IsExist(err) {
return err
}

if criuOpts.WorkDirectory == "" {
criuOpts.WorkDirectory = filepath.Join(c.root, "criu.work")
}

if err := os.Mkdir(criuOpts.WorkDirectory, 0755); err != nil && !os.IsExist(err) {
if err := os.Mkdir(criuOpts.WorkDirectory, 0700); err != nil && !os.IsExist(err) {
return err
}

Expand Down Expand Up @@ -1246,7 +1246,7 @@ func (c *linuxContainer) Restore(process *Process, criuOpts *CriuOpts) error {
}
// Since a container can be C/R'ed multiple times,
// the work directory may already exist.
if err := os.Mkdir(criuOpts.WorkDirectory, 0655); err != nil && !os.IsExist(err) {
if err := os.Mkdir(criuOpts.WorkDirectory, 0700); err != nil && !os.IsExist(err) {
return err
}
workDir, err := os.Open(criuOpts.WorkDirectory)
Expand Down

0 comments on commit 201b063

Please sign in to comment.