Ignition ignores special file mode bits (sticky, setuid, setgid) #1301
Comments
Thanks for the report and analysis! This is clearly a bug, and the technical fix should be straightforward. Two concerns though:
I see three options:
cc @jlebon and maybe @dustymabe for thoughts.
I think I'm in the
I think this might need a wider discussion. I think we should do 2. Users that would have really needed it before would have realized that this was broken so we don't want to surprisingly add it to existing configuration versions.
@jlebon and I discussed this OOB. This doesn't seem worth breaking existing configs (case 3), which has a very high bar. On the other hand, case 1 might be surprising for multiple reasons, including that configs that work on current FCOS would silently fail to set a security-sensitive mode bit when applied to e.g. older RHCOS. @dustymabe and I also discussed this a bit on IRC, leading to:
At this point I think we should proceed with option 2. We can raise this at a meeting, though, if desired.
I'm fine with 2. I think as far as warnings go though, we actually want to be doing that in e.g. butane right? Or would that happen implicitly because butane uses ignition's Go bits for this?
Yeah, Butane runs Ignition validation after translating. Since this is a distro-independent issue (and we want
This allows Ignition to preserve the special mode bits for specs >= 3.4.0 Fixes: coreos#1301
Bug
Operating System Version
Ignition Version
3.3.0 - though I think this is applicable to all Ignition versions.
Environment
I'm creating a new FCOS VM using QEMU on a MacOS host, following these instructions: https://docs.fedoraproject.org/en-US/fedora-coreos/provisioning-qemu/
Expected Behavior
When a file or directory is specified in the Ignition config with any of the special file mode bits (sticky, setuid, setgid), the file or directory should be created with those bits set. Alternatively, if setting those file mode bits is unsupported, I would have expected the Ignition config to fail validation with an error message explaining that. Additionally, I would have expected the Ignition (and Butane) docs to make it clear that Ignition does not support those file modes.
Actual Behavior
If one creates a file or directory with a special file mode bit set (e.g., 01755 / decimal 1005), one would expect the created file or directory to have that bit set. However, only the file permission bits 0755 are set. The special file mode bits are ignored.
Reproduction Steps
Other Information
At first glance, it appears that Ignition supports file modes up to 07777, as evidenced by the file mode validator.
The root cause of this is because the file mode types in the Golang stdlib have their own internal representation. Additionally, when os.Chmod() runs, it actively discards anything past the first 9 bits (owner, group, other / read, write, execute) and uses its own internal representation to set the special file mode bits. Consequently, when one specifies mode 01755 in their Ignition config, the file is created with mode 0755 because the special file mode bits were discarded. To set 01755, one must convert that representation to Golang's internal representation (e.g., 0755 | os.ModeSticky or 04000755) before calling os.Chmod().
I'm happy to provide any additional information, if needed.
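The behaviour described in the report can be reproduced outside Ignition. This is an added example, not code from the issue or from Ignition; `toFileMode` and `chmodAndStat` are hypothetical helper names, and it assumes a Unix-like host with a writable temp directory.

```go
package main

import (
	"fmt"
	"os"
)

const special = os.ModeSetuid | os.ModeSetgid | os.ModeSticky

// toFileMode maps a Unix mode as written in a config (e.g. 01755) onto
// Go's os.FileMode. Hypothetical helper for this example, not Ignition's code.
func toFileMode(unixMode uint32) os.FileMode {
	m := os.FileMode(unixMode & 0777)
	if unixMode&04000 != 0 {
		m |= os.ModeSetuid
	}
	if unixMode&02000 != 0 {
		m |= os.ModeSetgid
	}
	if unixMode&01000 != 0 {
		m |= os.ModeSticky
	}
	return m
}

// chmodAndStat chmods a fresh temp directory (constructed scratch path) and
// returns the permission and special bits the filesystem reports afterwards.
func chmodAndStat(mode os.FileMode) (os.FileMode, error) {
	dir, err := os.MkdirTemp("", "modebits")
	if err != nil {
		return 0, err
	}
	defer os.RemoveAll(dir)
	if err := os.Chmod(dir, mode); err != nil {
		return 0, err
	}
	fi, err := os.Stat(dir)
	if err != nil {
		return 0, err
	}
	return fi.Mode() & (os.ModePerm | special), nil
}

func main() {
	raw, _ := chmodAndStat(os.FileMode(01755)) // raw cast: sticky bit is dropped
	conv, _ := chmodAndStat(toFileMode(01755)) // converted: sticky bit is kept
	fmt.Printf("raw cast:  %v\nconverted: %v\n", raw, conv)
}
```

A post-provisioning check that compares the mode requested in the config against what `os.Stat` reports catches the silent drop on hosts running older spec versions.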