config: add "umask" field to POSIX "user" section #941
Conversation
Users may want to specify the umask(2) of the init process in a container. This value is identical in semantics to POSIX. This is in order to allow usage of an OCI container for a service which normally only inherits the umask given to it. Signed-off-by: Aleksa Sarai <[email protected]>
cyphar
force-pushed
the
config-umask-option
branch
from
34da7a6 to
6b04c63
Compare
|
When do you plan to set this during init? Right before exec or when the rootfs is being setup like the existing umask settings? |
| @@ -217,6 +217,7 @@ For POSIX platforms the `user` structure has the following fields: | |||
|
|
|||
| * **`uid`** (int, REQUIRED) specifies the user ID in the [container namespace](glossary.md#container-namespace). | |||
| * **`gid`** (int, REQUIRED) specifies the group ID in the [container namespace](glossary.md#container-namespace). | |||
| * **`umask`** (int, OPTIONAL) specifies the [umask][umask_2] of the user. If unspecified, the umask should not be changed from the calling process' umask. | |||
There was a problem hiding this comment.
nit: the possessive of “process” is “process's”, see us here and the Linux man pages here.
nit: the “If unspecified…” sentence should go on its own line.
| @@ -60,6 +60,9 @@ | |||
| "GID": { | |||
| "$ref": "#/definitions/uint32" | |||
| }, | |||
| "Umask": { | |||
There was a problem hiding this comment.
The indent here is a bit strange. You can automatically format these files by running make fmt in the schema directory.
The way the spec reads now (#700), runtimes will be able to chose either of those as they see fit. |
| @@ -843,6 +846,7 @@ Here is a full example `config.json` for reference. | |||
| [selinux]:http://selinuxproject.org/page/Main_Page | |||
| [no-new-privs]: https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt | |||
| [proc_2]: https://www.kernel.org/doc/Documentation/filesystems/proc.txt | |||
| [umask.2]: http://pubs.opengroup.org/onlinepubs/009695399/functions/umask.html | |||
There was a problem hiding this comment.
nit: POSIX functions should go be in section 3 (or 3p), so umask.2 should be umask.3. umask.2 would be the Linux kernel docs for umask.
nit: you're linking to the 2004 edition of POSIX. I'd rather stay consistent with our other links and use the 2016 edition (#858).
| @@ -85,6 +85,8 @@ type User struct { | |||
| UID uint32 `json:"uid" platform:"linux,solaris"` | |||
| // GID is the group id. | |||
| GID uint32 `json:"gid" platform:"linux,solaris"` | |||
| // Umask is the umask for the init process. | |||
| Umask uint32 `json:"umask,omitempty" platform:"linux,solaris"` | |||
There was a problem hiding this comment.
Zero is a valid umask (it means “leave the permissions entirely up to the process itself”), so I think we need a pointer here.
|
@crosbymichael In |
|
@cyphar @crosbymichael I interpret this as being set right before exec. Perhaps that could be clearer. |
|
On Wed, Apr 04, 2018 at 03:08:23PM -0700, Vincent Batts wrote:
@cyphar @crosbymichael I interpret this as being set right before
exec. Perhaps that could be clearer.
If you want that interpretation to be portable across compliant
runtimes, I think you'd want to land wording to that effect around
[1], with something like:
Runtimes MUST NOT apply process.user.umask as part of creation; that
property is only applied during [start](#start).
[1]: https://github.com/opencontainers/runtime-spec/blame/v1.0.1/runtime.md#L103
|
|
As this is still pending approval since April - what needs to be done to progress this PR? |
|
Anything we can do here? |
| @@ -233,6 +234,7 @@ _Note: symbolic name for uid and gid, such as uname and gname respectively, are | |||
| "user": { | |||
| "uid": 1, | |||
| "gid": 1, | |||
| "umask": 63, | |||
There was a problem hiding this comment.
i get that they're just ints, but i wish octals were a viewable in json, and 077 wouldn't be 77
I would see this as right before exec. What would you're hopes be? |
|
I think right before exec would be most reasonable, since it's a setting about the container and not about configuring devices and others such things. Generally most |
|
This has come up again in a request for Podman. Is there anything we could do to move this forward? |
doing it just before exec seems like the correct thing to me. Currently runc does it in |
|
LGTM |
|
RFC @opencontainers/runtime-spec-maintainers |
|
I think @wking's comments look to be relevant and should be addressed (especially the inconsistent formatting). It also seems like a good idea IMO to clarify when this is expected to be applied, per @crosbymichael's comments. |
|
LGTM |
Users may want to specify the umask(2) of the init process in a
container. This value is identical in semantics to POSIX. This is in
order to allow usage of an OCI container for a service which normally
only inherits the umask given to it.
See-also: opencontainers/runc#1650
Requested-by: @leberknecht
Signed-off-by: Aleksa Sarai [email protected]