packages/moby
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!133 rootless: fix open /etc/docker/plugins: permission denied

Browse Source 
From: @dog-life 
Reviewed-by: @xu_lei_123 
Signed-off-by: @xu_lei_123
This commit is contained in:
openeuler-ci-bot 2025-04-19 09:41:11 +00:00 committed by Gitee
commit 36c4196d32
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 58 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
1015-rootless-fix-open-etc-docker-plugins-permission-deni.patch Normal file
View File

@ -0,0 +1,53 @@
From 81ad7062f0299c4ebc9ac3f576a2c0c67d8b6ff8 Mon Sep 17 00:00:00 2001
From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Date: Thu, 14 Mar 2024 14:32:01 +0900
Subject: [PATCH 026/172] rootless: fix `open /etc/docker/plugins: permission
denied`
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fix issue 47436
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit d742659877d9bf0bfe64b97e529bc28667974607)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
---
pkg/plugins/discovery.go | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/pkg/plugins/discovery.go b/pkg/plugins/discovery.go
index 37316ed482..503ac574a9 100644
--- a/pkg/plugins/discovery.go
+++ b/pkg/plugins/discovery.go
@@ -10,6 +10,8 @@ import (
"strings"
"sync"
+ "github.com/containerd/containerd/pkg/userns"
+ "github.com/containerd/log"
"github.com/pkg/errors"
)
@@ -56,10 +58,16 @@ func (l *LocalRegistry) Scan() ([]string, error) {
for _, p := range l.specsPaths {
dirEntries, err = os.ReadDir(p)
- if err != nil && !os.IsNotExist(err) {
+ if err != nil {
+ if os.IsNotExist(err) {
+ continue
+ }
+ if os.IsPermission(err) && userns.RunningInUserNS() {
+ log.L.Debug(err.Error())
+ continue
+ }
return nil, errors.Wrap(err, "error reading dir entries")
}
-
for _, entry := range dirEntries {
if entry.IsDir() {
infos, err := os.ReadDir(filepath.Join(p, entry.Name()))
--
2.27.0

6
moby.spec
View File

@ -7,7 +7,7 @@
Name: moby Name: moby
Version: 25.0.3 Version: 25.0.3
Release: 26 Release: 27
Summary: The open-source application container engine Summary: The open-source application container engine
License: Apache-2.0 License: Apache-2.0
URL: https://www.docker.com URL: https://www.docker.com
@ -38,6 +38,7 @@ Patch1011: 1011-fix-CVE-2024-36620.patch
Patch1012: 1012-fix-CVE-2024-36623.patch Patch1012: 1012-fix-CVE-2024-36623.patch
Patch1013: 1013-Don-t-enforce-new-validation-rules-for-existing-netw.patch Patch1013: 1013-Don-t-enforce-new-validation-rules-for-existing-netw.patch
Patch1014: 1014-daemon-overlay2-remove-world-writable-permission-fro.patch Patch1014: 1014-daemon-overlay2-remove-world-writable-permission-fro.patch
Patch1015: 1015-rootless-fix-open-etc-docker-plugins-permission-deni.patch
# Patch 2001-2999 for tini # Patch 2001-2999 for tini
Patch2001: 2001-tini.c-a-function-declaration-without-a-prototype-is.patch Patch2001: 2001-tini.c-a-function-declaration-without-a-prototype-is.patch
Requires(meta): %{name}-engine = %{version}-%{release} Requires(meta): %{name}-engine = %{version}-%{release}
@ -229,6 +230,9 @@ fi
%systemd_postun_with_restart docker.service %systemd_postun_with_restart docker.service
%changelog %changelog
* Thu Apr 17 2025 shechenglong <shechenglong@xfusion.com> - 25.0.3-27
- rootless: fix `open /etc/docker/plugins: permission denied`
* Thu Apr 17 2025 shechenglong <shechenglong@xfusion.com> - 25.0.3-26 * Thu Apr 17 2025 shechenglong <shechenglong@xfusion.com> - 25.0.3-26
- daemon: overlay2: remove world writable permission from the lower file - daemon: overlay2: remove world writable permission from the lower file