user: add filesystem-aware mkdir/chown helpers#214
user: add filesystem-aware mkdir/chown helpers#214tonistiigi wants to merge 1 commit intomoby:mainfrom
Conversation
tonistiigi
force-pushed
the
user-fs-funcs
branch
from
9853d53 to
ceeb85c
Compare
|
Technically |
tonistiigi
force-pushed
the
user-fs-funcs
branch
from
ceeb85c to
aee2bd6
Compare
If we are to drop go 1.18 support (btw I'm all for it!), we need to
@thaJeztah WDYT? Or, we can bump |
That's what the PR is doing atm. |
it looks like you're also dropping go 1.18 from CI (or is this a leftover?) |
|
Yeah, no problem dropping go1.18 for this module; we kept the module versions at the minimum required if there was no reason we needed a newer version. But you can leave the go1.18 version in CI; Ci will skip it if a module doesn't support it (but run it for the other modules that do). |
Add FS-backed MkdirAllAndChownFS and MkdirAndChownFS variants for better security via os.Root implementation. Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
tonistiigi
force-pushed
the
user-fs-funcs
branch
from
aee2bd6 to
75a5ad9
Compare
| // MkdirAllAndChownFS creates a directory (including any along the path) on the | ||
| // provided filesystem and then modifies ownership to the requested uid/gid. If | ||
| // fsys is nil, the host filesystem is used. | ||
| func MkdirAllAndChownFS(fsys FS, path string, mode os.FileMode, uid, gid int, opts ...MkdirOpt) error { |
There was a problem hiding this comment.
Looking at the signature; I see the variadic options at the end; did we add those later (but kept the positional options because they already were there?)
If that's the case, and we want to make more of these "optional", then now is the opportunity to change the signature for the new functions we added.
(also looking at windows <--> linux w.r.t. "uid", "gid" etc)
There was a problem hiding this comment.
Given that Chown is in the function name, I don't think uid/gid should be optional.
| // option, then only the newly created directories will have ownership and permissions changed. | ||
| func MkdirAllAndChown(path string, mode os.FileMode, uid, gid int, opts ...MkdirOpt) error { |
There was a problem hiding this comment.
if we want users of this module to migrate to the new functions, we can add a //go:fix inline, then go fix will automatically migrate them 🎉
| // option, then only the newly created directories will have ownership and permissions changed. | |
| func MkdirAllAndChown(path string, mode os.FileMode, uid, gid int, opts ...MkdirOpt) error { | |
| // option, then only the newly created directories will have ownership and permissions changed. | |
| // | |
| //go:fix inline | |
| func MkdirAllAndChown(path string, mode os.FileMode, uid, gid int, opts ...MkdirOpt) error { |
There was a problem hiding this comment.
In this case (if you want everyone to migrate) it also makes sense to mark old ones as deprecated.
OTOH if you want the new functions signatures to be simpler as you're suggesting above, the go:fix won't be possible (or easy).
There was a problem hiding this comment.
it also makes sense to mark old ones as deprecated.
Yup, deprecating is an option for sure; didn't want to make that a strict requiremnt for this PR (good as a follow-up, also for visibility).
OTOH if you want the new functions signatures to be simpler as you're suggesting above,
I'd be fine with keeping the signature the same, but at least wanted to mention the option, because now we have the chance to do so.
Specifically in these cases where Golang tries to abstract away platform differences, and on Windows making (e.g.) Chown and Chmod (for permissions) a no-op, silently discarding options that the user may have expected to secure things.
Arguments that are required should probably still be positional though (which is the fun thing here if those are required on Linux, but won't take effect on Windows I guess); happy for input on that though!
the go:fix won't be possible (or easy).
Yeah, //go:fix is not a MUST, but can help. It can do a pretty decent job; erm, but of course when I was about to write an example, I found yet another corner-case 😂 - adding it to my list of reports; golang/go#78432
| // in case path already exists. | ||
| func MkdirAndChown(path string, mode os.FileMode, uid, gid int, opts ...MkdirOpt) error { |
There was a problem hiding this comment.
Same for this one;
| // in case path already exists. | |
| func MkdirAndChown(path string, mode os.FileMode, uid, gid int, opts ...MkdirOpt) error { | |
| // in case path already exists. | |
| // | |
| //go:fix inline | |
| func MkdirAndChown(path string, mode os.FileMode, uid, gid int, opts ...MkdirOpt) error { |
|
I only need a way to use these helpers without worrying about cross-system path access security. I have no opinion on deprecation of the old API or variadic options. |
3 participants
Add FS-backed MkdirAllAndChownFS and MkdirAndChownFS variants for better security via os.Root implementation.