Only open save output file with WRONLY #12408
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: rhatdan The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
@vrothberg @mtrmac @xandris PTAL |
|
@mtrmac Better. |
|
Yes, this is what I think is going wrong and how to fix it, but please wait for a confirmation from someone who has Podman remote actually set up. |
|
I think this is only podman on a MAC too, correct. I could not get this to fail on Linux. |
|
It might be possible to reproduce on Linux using something like touch output;
chmod 0200 output # u=w,u-r
podman save $other-args -o output # Must be podman-remote!where the podman/cmd/podman/images/save.go Line 115 in 7324d94 |
|
Works for me. I checked out this branch, built it, and ran it on my Mac, comparing the behavior to the Homebrew-installed version: |
| @@ -270,7 +270,7 @@ func (ir *ImageEngine) Save(ctx context.Context, nameOrID string, tags []string, | |||
| defer func() { _ = os.Remove(f.Name()) }() | |||
| } | |||
| default: | |||
| f, err = os.Create(opts.Output) | |||
| f, err = os.OpenFile(opts.Output, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644) | |||
There was a problem hiding this comment.
Can we add a comment here that this mode is important.
There was a problem hiding this comment.
Sure, could you explain to me why? Or what should be in the comment?
default:
// This code was added to allow for opening stdout use on MAC. The mode 0644 is important.
f, err = os.OpenFile(opts.Output, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
}
There was a problem hiding this comment.
I mean the flags os.O_WRONLY. If someone has to rework this they might not think about it and change it back to os.Create() for example.
Maybe adding a link to the issue would help
The previous code fails on a MAC when opening /dev/stdout Fixes: containers#12402 [NO NEW TESTS NEEDED] No easy way to test this. Signed-off-by: Daniel J Walsh <[email protected]>
|
/lgtm |
github-actions
bot
added
the
locked - please file new issue/PR
The previous code fails on a MAC when opening /dev/stdout
Fixes: #12402
[NO NEW TESTS NEEDED] No easy way to test this.
Signed-off-by: Daniel J Walsh [email protected]
What this PR does / why we need it:
How to verify it
Which issue(s) this PR fixes:
Special notes for your reviewer: