
Bug 1810333: daemon: Always create tempfiles in target dir #1530

Merged

Conversation

cgwalters
Member

@cgwalters cgwalters commented Mar 4, 2020

When we go to write a file, we need to create the temporary
file in the exact target directory, not (potentially) /tmp. This will
ensure that the right SELinux label is used by default.

Currently the renameio library's logic tries to optimize things
by using /tmp if possible, otherwise the target directory.
And without SELinux that's a sane optimization. But we
can't do it.

Force using the target directory by passing it explicitly.

Should fix a bug seen with the baremetal config which
ended up with a tmp_t labeled file in /etc.
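An added example, not code from this PR or the project it patches, of the approach the description calls for: create the tempfile in the target file's own directory rather than in `/tmp`, then rename it into place, so the directory's default labeling (not `tmp_t`) applies. `WriteFileAtomic` and its names are hypothetical.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// WriteFileAtomic writes data to path by creating the tempfile in the
// target's own directory, fsyncing it and renaming it over the destination.
// Because the tempfile is born in the same directory as the destination, the
// file system's default labeling for that directory (on SELinux, e.g. etc_t
// under /etc) is applied at creation time and rename(2) carries it along;
// a tempfile created under /tmp would instead be labeled tmp_t.
// Hypothetical helper written for this example.
func WriteFileAtomic(path string, data []byte, mode os.FileMode) (err error) {
	dir := filepath.Dir(path) // explicit target directory, never os.TempDir()
	tmp, err := os.CreateTemp(dir, "."+filepath.Base(path)+".tmp-*")
	if err != nil {
		return err
	}
	tmpName := tmp.Name()
	defer func() {
		// On any failure remove the partial tempfile so it cannot be
		// mistaken for the real file later.
		if err != nil {
			tmp.Close()
			os.Remove(tmpName)
		}
	}()
	if _, err = tmp.Write(data); err != nil {
		return err
	}
	if err = tmp.Chmod(mode); err != nil {
		return err
	}
	if err = tmp.Sync(); err != nil {
		return err
	}
	if err = tmp.Close(); err != nil {
		return err
	}
	return os.Rename(tmpName, path)
}

func main() {
	dir, _ := os.MkdirTemp("", "atomic-demo-") // constructed sample directory
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "example.conf")
	if err := WriteFileAtomic(path, []byte("key=value\n"), 0o644); err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("wrote", path, "via a tempfile created in", dir)
}
```

On an SELinux host the resulting label can be checked with `ls -Z` on the written file.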

@openshift-ci-robot openshift-ci-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Mar 4, 2020
@cgwalters
Member Author

Only compile tested.

@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 4, 2020
@celebdor
Contributor

celebdor commented Mar 4, 2020

The change to create in the same dir looks good. Didn't test it, though.

@cgwalters
Member Author

Wait, sorry I just read the renameio sources more carefully, it does look like it's creating the tempfile in the target dir. So the bug may be something else.

@openshift-ci-robot openshift-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Mar 4, 2020
@cgwalters cgwalters changed the title daemon: Create tempfiles in target dir, use O_TMPFILE daemon: Always create tempfiles in target dir Mar 4, 2020
@cgwalters
Member Author

OK pushed a much simpler patch that doesn't pull another dep (we should probably teach renameio about O_TMPFILE instead for that bit).

@jlebon
Member

jlebon commented Mar 4, 2020

Wow, that renameio logic is... interesting. Might be worth a comment about the SELinux context here, but either way:

/approve

@yuqi-zhang
Contributor

yuqi-zhang left a comment

/lgtm

As noted I believe this is what's causing the previous issue: https://github.com/google/renameio/blob/master/tempfile.go#L23

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Mar 4, 2020
@celebdor
Contributor

celebdor commented Mar 4, 2020

/approve

@openshift-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ashcrow, celebdor, cgwalters, jlebon, yuqi-zhang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [ashcrow,cgwalters,yuqi-zhang]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-bot
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@cgwalters
Member Author

flake
/test e2e-gcp-upgrade

@cgwalters
Member Author

/cherrypick release-4.3

@openshift-cherrypick-robot

@cgwalters: once the present PR merges, I will cherry-pick it on top of release-4.3 in a new PR and assign it to you.

In response to this:

/cherrypick release-4.3

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@celebdor
Contributor

celebdor commented Mar 5, 2020

/retitle Bug 1810333: daemon: Always create tempfiles in target dir

@openshift-ci-robot openshift-ci-robot changed the title daemon: Always create tempfiles in target dir Bug 1810333: daemon: Always create tempfiles in target dir Mar 5, 2020
@openshift-ci-robot openshift-ci-robot added the bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. label Mar 5, 2020
@openshift-ci-robot
Contributor

@cgwalters: This pull request references Bugzilla bug 1810333, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.5.0) matches configured target release for branch (4.5.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

Bug 1810333: daemon: Always create tempfiles in target dir

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-bot
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@runcom
Member

runcom commented Mar 5, 2020

/retest

@openshift-bot
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-merge-robot openshift-merge-robot merged commit b9fa509 into openshift:master Mar 5, 2020
@openshift-ci-robot
Contributor

@cgwalters: All pull requests linked via external trackers have merged. Bugzilla bug 1810333 has been moved to the MODIFIED state.

In response to this:

Bug 1810333: daemon: Always create tempfiles in target dir

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-cherrypick-robot

@cgwalters: new pull request created: #1535

In response to this:

/cherrypick release-4.3

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@celebdor
Contributor

celebdor commented Mar 5, 2020

/cherrypick release-4.4

@openshift-cherrypick-robot

@celebdor: new pull request created: #1536

In response to this:

/cherrypick release-4.4

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

10 participants