mirror of https://github.com/Mic92/sops-nix.git synced 2025-03-05 16:17:47 +00:00

don't chown mountpoint if already correct

This avoids issues where the directory might be bind mounted.
Jörg Thalheim 2023-11-03 14:30:24 +01:00 committed by Jörg Thalheim
parent 84d6b27dc7
commit cc2cfe5630


@ -34,6 +34,15 @@ func SecureSymlinkChown(symlinkToCheck, expectedTarget string, owner, group int)
if n > len(expectedTarget) || string(buf[:n]) != expectedTarget {
return fmt.Errorf("symlink %s does not point to %s", symlinkToCheck, expectedTarget)
}
stat := unix.Stat_t{}
err = unix.Fstat(fd, &stat)
if err != nil {
return fmt.Errorf("cannot stat '%s': %w", symlinkToCheck, err)
}
if stat.Uid == uint32(owner) || stat.Gid == uint32(group) {
return nil // already correct
}
err = unix.Fchownat(fd, "", owner, group, unix.AT_EMPTY_PATH)
if err != nil {
return fmt.Errorf("cannot change owner of '%s' to %d/%d: %w", symlinkToCheck, owner, group, err)
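Review bot: The early return at `if stat.Uid == uint32(owner) || stat.Gid == uint32(group)` fires when only one of the two ids matches, so a target with the expected owner but the wrong group (or the reverse) is treated as already correct and the `Fchownat` below never runs. For what is presumably the secrets mountpoint, that leaves access governed by whatever stale uid or gid was there before. The skip should require both to match: `if stat.Uid == uint32(owner) && stat.Gid == uint32(group) {`. Checking with `Fstat` on the same `fd` that is later passed to `Fchownat` is the right shape, since it avoids a path-based race between check and chown. The body of `SecureSymlinkChown` starts and ends outside the hunk, so how `fd` is opened cannot be confirmed from here.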