[pve-devel] [PATCH pve-storage] allow rx permissions for group/world on .subvol dirs

Wolfgang Bumiller w.bumiller at proxmox.com
Tue Nov 24 09:43:13 CET 2015


vdisk_alloc comes in with an umask of 0037, which means the
.subvol dir has permissions 0740, which means that the root
directory of containers has permissions 0740, essentially
preventing the users inside a container from accessing
anything.
---
 PVE/Storage/Plugin.pm | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/PVE/Storage/Plugin.pm b/PVE/Storage/Plugin.pm
index 2638476..6aa71e0 100644
--- a/PVE/Storage/Plugin.pm
+++ b/PVE/Storage/Plugin.pm
@@ -571,7 +571,11 @@ sub alloc_image {
 	# only allow this if size = 0, so that user knows what he is doing
 	die "storage does not support subvol quotas\n" if $size != 0;
 	
-	(mkdir $path) || die "unable to create subvol '$path' - $!\n";
+	my $old_umask = umask(0022);
+	my $err;
+	mkdir($path) or $err = "unable to create subvol '$path' - $!\n";
+	umask $old_umask;
+	die $err if $err;
     } else {
 	my $cmd = ['/usr/bin/qemu-img', 'create'];
 
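Review bot: the `umask(0022)` / `mkdir` / `umask $old_umask` sequence in alloc_image carries no comment saying why the mask is overridden. The reason (the caller arrives with 0037, and the container root needs r-x for group and world) is only in the commit message, so a short comment above `my $old_umask = umask(0022);` would help. Because umask is process-wide state, an alternative is to leave it untouched and call `chmod 0755, $path` right after a successful mkdir, which removes the save/restore and the deferred `$err`. Either way the subvol directory ends up 0755 on the host as well, so access by other host users then depends on the permissions of its parent directories.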
-- 
2.1.4




