jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

rootless: set sticky bit if using XDG_RUNTIME_DIR 

According to the XDG specification[1], in order to avoid the possibility of
our container states being auto-pruned every 6 hours we need to set the
sticky bit. Rather than handling all of the users of --root, we just
create the directory and set the sticky bit during detection, as it's
not expensive.

[1]: https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html

Signed-off-by: Aleksa Sarai <asarai@suse.de>
This commit is contained in:
Aleksa Sarai 2018-03-19 10:59:57 +11:00
parent 69663f0bd4
commit 4f4af7bfde
No known key found for this signature in database
GPG Key ID: 9E18AA267DDB8DB4
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
main.go
View File

@ -67,6 +67,15 @@ func main() {
runtimeDir := os.Getenv("XDG_RUNTIME_DIR")
if runtimeDir != "" {
root = runtimeDir + "/runc"
// According to the XDG specification, we need to set anything in
// XDG_RUNTIME_DIR to have a sticky bit if we don't want it to get
// auto-pruned.
if err := os.MkdirAll(root, 0700); err != nil {
fatal(err)
}
if err := os.Chmod(root, 0700|os.ModeSticky); err != nil {
fatal(err)
}
}
}