Make sure that security context files are readable by all (#1729)

jumaffre · web-flow · commit b6806f37572d · 2023-04-14T10:34:06.000-07:00
Update internal/guest/runtime/hcsv2/uvm.go

Make sure that security-context directory has `0755` permissions.

Signed-off-by: Julien Maffre &lt;jumaffre@microsoft.com&gt;
diff --git a/internal/guest/runtime/hcsv2/uvm.go b/internal/guest/runtime/hcsv2/uvm.go
@@ -454,8 +454,8 @@ func (h *Host) CreateContainer(ctx context.Context, id string, settings *prot.VM
 			if err != nil {
 				return nil, fmt.Errorf("failed to create security context directory: %w", err)
 			}
-			// Make sure it's readable
-			if err := os.Chmod(securityContextDir, 0744); err != nil {
+			// Make sure that files inside directory are readable
+			if err := os.Chmod(securityContextDir, 0755); err != nil {
 				return nil, fmt.Errorf("failed to chmod security context directory: %w", err)
 			}
 

Original file line number	Diff line number	Diff line change
`@@ -454,8 +454,8 @@ func (h Host) CreateContainer(ctx context.Context, id string, settings prot.VM`
`454`	`454`	`if err != nil {`
`455`	`455`	`return nil, fmt.Errorf("failed to create security context directory: %w", err)`
`456`	`456`	`}`
`457`		`- // Make sure it's readable`
`458`		`- if err := os.Chmod(securityContextDir, 0744); err != nil {`
	`457`	`+ // Make sure that files inside directory are readable`
	`458`	`+ if err := os.Chmod(securityContextDir, 0755); err != nil {`
`459`	`459`	`return nil, fmt.Errorf("failed to chmod security context directory: %w", err)`
`460`	`460`	`}`
`461`	`461`