iSulad: make network config file to 0644

Signed-off-by: N LiFeng <lifeng68@huawei.com>

iSulad: make network config file to 0644
Signed-off-by: N LiFeng <lifeng68@huawei.com>
94f07690 · LiFeng · 7d45f00b · 94f07690 · 94f07690 · 94f07690
10 changed file
--- a/src/connect/client/grpc/client_base.h
+++ b/src/connect/client/grpc/client_base.h
@@ -196,7 +196,7 @@ protected:
        // Set common name from cert.perm
        char common_name_value[ClientBaseConstants::COMMON_NAME_LEN] = { 0 };
        int ret = get_common_name_from_tls_cert(m_certFile.c_str(), common_name_value,
-                                            ClientBaseConstants::COMMON_NAME_LEN);
+                                                ClientBaseConstants::COMMON_NAME_LEN);
        if (ret != 0) {
            ERROR("Failed to get common name in: %s", m_certFile.c_str());
            return -1;

--- a/src/constants.h
+++ b/src/constants.h
@@ -46,6 +46,8 @@

 #define DEBUG_DIRECTORY_MODE 0750

+#define NETWORK_MOUNT_FILE_MODE 0644
+
 #define ISULAD_CONFIG "/etc/isulad"

 #define ISULAD_DAEMON_JSON_CONF_FILE ISULAD_CONFIG "/daemon.json"

--- a/src/cutils/utils_file.c
+++ b/src/cutils/utils_file.c
@@ -822,7 +822,7 @@ free_out:
    return ret;
 }

-int util_write_file(const char *fname, const char *content, size_t content_len)
+int util_write_file(const char *fname, const char *content, size_t content_len, mode_t mode)
 {
    int ret = 0;
    int dst_fd = -1;
@@ -834,7 +834,7 @@ int util_write_file(const char *fname, const char *content, size_t content_len)
    if (content == NULL || content_len == 0) {
        return 0;
    }
-    dst_fd = util_open(fname, O_WRONLY | O_CREAT | O_TRUNC, DEFAULT_SECURE_FILE_MODE);
+    dst_fd = util_open(fname, O_WRONLY | O_CREAT | O_TRUNC, mode);
    if (dst_fd < 0) {
        ERROR("Creat file: %s, failed: %s", fname, strerror(errno));
        ret = -1;
@@ -877,7 +877,7 @@ char *verify_file_and_get_real_path(const char *file)
    return util_strdup_s(resolved_path);
 }

-int util_copy_file(const char *src_file, const char *dst_file)
+int util_copy_file(const char *src_file, const char *dst_file, mode_t mode)
 {
 #define BUFSIZE 4096
    int ret = 0;
@@ -902,7 +902,7 @@ int util_copy_file(const char *src_file, const char *dst_file)
        ret = -1;
        goto free_out;
    }
-    dst_fd = util_open(dst_file, O_WRONLY | O_CREAT | O_TRUNC, DEFAULT_SECURE_FILE_MODE);
+    dst_fd = util_open(dst_file, O_WRONLY | O_CREAT | O_TRUNC, mode);
    if (dst_fd < 0) {
        ERROR("Creat file: %s, failed: %s", dst_file, strerror(errno));
        ret = -1;

--- a/src/cutils/utils_file.h
+++ b/src/cutils/utils_file.h
@@ -69,11 +69,11 @@ int util_file2str(const char *filename, char *buf, size_t len);

 char *look_path(const char *file, char **err);

-int util_write_file(const char *fname, const char *content, size_t content_len);
+int util_write_file(const char *fname, const char *content, size_t content_len, mode_t mode);

 char *verify_file_and_get_real_path(const char *file);

-int util_copy_file(const char *src_file, const char *dst_file);
+int util_copy_file(const char *src_file, const char *dst_file, mode_t mode);

 #ifdef __cplusplus
 }

--- a/src/runtime/isula/isula_rt_ops.c
+++ b/src/runtime/isula/isula_rt_ops.c
@@ -60,7 +60,7 @@ static int file_write_int(const char *fname, int val)
        return -1;
    }

-    if (util_write_file(fname, sint, strlen(sint)) < 0) {
+    if (util_write_file(fname, sint, strlen(sint), DEFAULT_SECURE_FILE_MODE) < 0) {
        return -1;
    }

@@ -188,7 +188,7 @@ static int create_process_json_file(const char *workdir, const shim_client_proce
        goto out;
    }

-    if (util_write_file(fname, data, strlen(data)) != 0) {
+    if (util_write_file(fname, data, strlen(data), DEFAULT_SECURE_FILE_MODE) != 0) {
        retcode = -1;
        ERROR("failed write process.json");
        goto out;

--- a/src/services/cri/cni_network_plugin.cc
+++ b/src/services/cri/cni_network_plugin.cc
@@ -33,7 +33,7 @@ static std::string VendorCNIDir(const std::string &prefix, const std::string &pl
 static std::unique_ptr<CNINetwork> GetLoNetwork(const std::string &binDir, const std::string &vendorDirPrefix)
 {
    const std::string loNetConfListJson { "{\"cniVersion\": \"0.3.0\", \"name\": \"cni-loopback\","
-                                          "\"plugins\":[{\"type\": \"loopback\" }]}" };
+        "\"plugins\":[{\"type\": \"loopback\" }]}" };

    char *cerr { nullptr };
    struct cni_network_list_conf *loConf {

--- a/src/services/cri/cri_sandbox.cc
+++ b/src/services/cri/cri_sandbox.cc
@@ -307,7 +307,7 @@ void CRIRuntimeServiceImpl::SetupSandboxFiles(const std::string &resolvPath,

    if (!resolvContentStrs.empty()) {
        std::string resolvContent = CXXUtils::StringsJoin(resolvContentStrs, "\n") + "\n";
-        if (util_write_file(resolvPath.c_str(), resolvContent.c_str(), resolvContent.size()) != 0) {
+        if (util_write_file(resolvPath.c_str(), resolvContent.c_str(), resolvContent.size(), DEFAULT_SECURE_FILE_MODE) != 0) {
            error.SetError("Failed to write resolv content");
        }
    }

--- a/src/services/execution/execute/execution_network.c
+++ b/src/services/execution/execute/execution_network.c
@@ -48,7 +48,7 @@ static int write_hostname_to_file(const char *rootfs, const char *hostname)
        goto error_out;
    }
    if (hostname != NULL) {
-        ret = util_write_file(file_path, hostname, strlen(hostname));
+        ret = util_write_file(file_path, hostname, strlen(hostname), NETWORK_MOUNT_FILE_MODE);
        if (ret) {
            SYSERROR("Failed to write %s", file_path);
            isulad_set_error_message("Failed to write %s: %s", file_path, strerror(errno));
@@ -140,7 +140,7 @@ static int write_content_to_file(const char *file_path, const char *content)
    int ret = 0;

    if (content != NULL) {
-        ret = util_write_file(file_path, content, strlen(content));
+        ret = util_write_file(file_path, content, strlen(content), NETWORK_MOUNT_FILE_MODE);
        if (ret != 0) {
            SYSERROR("Failed to write file %s", file_path);
            isulad_set_error_message("Failed to write file %s: %s", file_path, strerror(errno));
@@ -869,7 +869,7 @@ static int create_default_hostname(const char *id, const char *rootpath, bool sh
    }


-    if (util_write_file(file_path, hostname_content, strlen(hostname_content)) != 0) {
+    if (util_write_file(file_path, hostname_content, strlen(hostname_content), NETWORK_MOUNT_FILE_MODE) != 0) {
        ERROR("Failed to create default hostname");
        ret = -1;
        goto out;
@@ -915,7 +915,7 @@ static int write_default_hosts(const char *file_path, const char *hostname)
        goto out_free;
    }

-    ret = util_write_file(file_path, content, strlen(content));
+    ret = util_write_file(file_path, content, strlen(content), NETWORK_MOUNT_FILE_MODE);
    if (ret != 0) {
        ret = -1;
        goto out_free;
@@ -941,7 +941,7 @@ static int create_default_hosts(const char *id, const char *rootpath, bool share
    }

    if (share_host && util_file_exists(ETC_HOSTS)) {
-        ret = util_copy_file(ETC_HOSTS, file_path);
+        ret = util_copy_file(ETC_HOSTS, file_path, NETWORK_MOUNT_FILE_MODE);
    } else {
        ret = write_default_hosts(file_path, v2_spec->config->hostname);
    }
@@ -962,7 +962,7 @@ static int write_default_resolve(const char *file_path)
 {
    const char *default_ipv4_dns = "\nnameserver 8.8.8.8\nnameserver 8.8.4.4\n";;

-    return util_write_file(file_path, default_ipv4_dns, strlen(default_ipv4_dns));
+    return util_write_file(file_path, default_ipv4_dns, strlen(default_ipv4_dns), NETWORK_MOUNT_FILE_MODE);
 }

 static int create_default_resolv(const char *id, const char *rootpath, container_config_v2_common_config *v2_spec)
@@ -978,7 +978,7 @@ static int create_default_resolv(const char *id, const char *rootpath, container
    }

    if (util_file_exists(RESOLV_CONF_PATH)) {
-        ret = util_copy_file(RESOLV_CONF_PATH, file_path);
+        ret = util_copy_file(RESOLV_CONF_PATH, file_path, NETWORK_MOUNT_FILE_MODE);
    } else {
        ret = write_default_resolve(file_path);
    }

--- a/src/services/execution/spec/specs.c
+++ b/src/services/execution/spec/specs.c
@@ -2167,7 +2167,7 @@ int save_oci_config(const char *id, const char *rootpath, const oci_runtime_spec
        goto out_free;
    }

-    if (util_write_file(file_path, json_container, strlen(json_container)) != 0) {
+    if (util_write_file(file_path, json_container, strlen(json_container), DEFAULT_SECURE_FILE_MODE) != 0) {
        ERROR("write json container failed: %s", strerror(errno));
        ret = -1;
        goto out_free;

--- a/test/services/execution/spec/selinux_label_mock_llt.cc
+++ b/test/services/execution/spec/selinux_label_mock_llt.cc
@@ -56,7 +56,7 @@ TEST_F(SELinuxGetEnableUnitTest, test_selinux_get_enable_normal)
    const uint32_t selinuxfsMagic = 0xf97cff8c;
    struct statfs sfbuf {
        .f_type = selinuxfsMagic,
-        .f_flags = 0
+         .f_flags = 0
    };

    EXPECT_CALL(m_syscall, Statfs(_, _))