Container initialization changes top directory permissions to 'rwx------' #154

lucekdudek · 2023-02-09T08:45:18Z

When investigating https://github.com/golemfactory/yagna-sdk-team/issues/205 we found out that ya-runtime-vm container instillation creates top directory with set permissions ignoring ones in provided image.

Exact line to be responsible per @prekucki: https://github.com/golemfactory/ya-runtime-vm/blob/master/runtime/init-container/src/init.c#L1677

Having a nginx-latest-cd6d7a1750.gvmi gvmi image:

mkdir /tmp/foo
sudo mount nginx-latest-cd6d7a1750.gvmi /tmp/foo
ls -al /tmp/foo

Will output proper permissions (same as original docker image permissions)

drwxr-xr-x 22 root root   409 lut  8 12:18 .
...

But using the same image in ya-runtime-vm causes permisons to change

sudo ya-runtime-dbg --runtime ya-runtime-vm --task-package nginx-latest-cd6d7a1750.gvmi --workdir /tmp/workdir --exec-shell bash
ls -al

outputs

drwx------   1 root root   80 Feb  9 08:44 .
...

The same behavior was observe running given image as payload in dapp-runner. dApp-runner payloads examples: https://github.com/golemfactory/dapp-experiments/pull/10/files

The text was updated successfully, but these errors were encountered:

MrDarthShoe added bug Something isn't working severity: minor severity: loss of minor functionality impact: low impact: some users affected labels Feb 9, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Container initialization changes top directory permissions to 'rwx------' #154

Container initialization changes top directory permissions to 'rwx------' #154

lucekdudek commented Feb 9, 2023 •

edited

Loading

Container initialization changes top directory permissions to 'rwx------' #154

Container initialization changes top directory permissions to 'rwx------' #154

Comments

lucekdudek commented Feb 9, 2023 • edited Loading

lucekdudek commented Feb 9, 2023 •

edited

Loading