Skip to content

Commit

Permalink
fix: set write permissions for group and other (#1405)
Browse files Browse the repository at this point in the history 
Fixes #1403.
  • Loading branch information
@enocom
enocom authored Sep 13, 2022
1 parent 1b8d2ac commit f6b77d7
Show file tree
Hide file tree
Showing 4 changed files with 33 additions and 1 deletion.
6 changes: 6 additions & 0 deletions internal/proxy/proxy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -626,6 +626,12 @@ func newSocketMount(ctx context.Context, conf *Config, pc *portConfig, inst Inst
if err != nil {
return nil, err
}
// Change file permisions to allow access for user, group, and other.
if network == "unix" {
// Best effort. If this call fails, group and other won't have write
// access.
_ = os.Chmod(address, 0777)
}
opts := conf.DialOptions(inst)
m := &socketMount{inst: inst.Name, dialOpts: opts, listener: ln}
return m, nil
Expand Down
15 changes: 15 additions & 0 deletions internal/proxy/proxy_other_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,11 @@

package proxy_test

import (
"os"
"testing"
)

var (
pg = "proj:region:pg"
pg2 = "proj:region:pg2"
Expand All @@ -25,3 +30,13 @@ var (
sqlserver = "proj:region:sqlserver"
sqlserver2 = "proj:region:sqlserver2"
)

func verifySocketPermissions(t *testing.T, addr string) {
fi, err := os.Stat(addr)
if err != nil {
t.Fatalf("os.Stat(%v): %v", addr, err)
}
if fm := fi.Mode(); fm != 0777|os.ModeSocket {
t.Fatalf("file mode: want = %v, got = %v", 0777|os.ModeSocket, fm)
}
}
2 changes: 2 additions & 0 deletions internal/proxy/proxy_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,8 @@ func TestClientInitialization(t *testing.T) {
}

for _, addr := range tc.wantUnixAddrs {
verifySocketPermissions(t, addr)

conn, err := net.Dial("unix", addr)
if err != nil {
t.Fatalf("want error = nil, got = %v", err)
Expand Down
11 changes: 10 additions & 1 deletion internal/proxy/proxy_windows_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,10 @@

package proxy_test

import "strings"
import (
"strings"
"testing"
)

var (
pg = strings.ReplaceAll("proj:region:pg", ":", ".")
Expand All @@ -24,3 +27,9 @@ var (
sqlserver = strings.ReplaceAll("proj:region:sqlserver", ":", ".")
sqlserver2 = strings.ReplaceAll("proj:region:sqlserver2", ":", ".")
)

func verifySocketPermissions(t *testing.T, addr string) {
// On Linux and Darwin, we check that the socket named by addr exists with
// os.Stat. That operation is not supported on Windows.
// See https://github.com/microsoft/Windows-Containers/issues/97#issuecomment-887713195
}

0 comments on commit f6b77d7

Please sign in to comment.