From 766d1a946726e2451e6fef66f73a385f0cee75e2 Mon Sep 17 00:00:00 2001
From: shechenglong
Date: Sun, 20 Apr 2025 17:30:25 +0800
Subject: [PATCH] rootless: fix open /etc/docker/plugins: permission denied
Signed-off-by: shechenglong
---
 ...n-etc-docker-plugins-permission-deni.patch | 52 +++++++++++++++++++
 moby.spec | 6 ++-
 2 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 1015-rootless-fix-open-etc-docker-plugins-permission-deni.patch
diff --git a/1015-rootless-fix-open-etc-docker-plugins-permission-deni.patch b/1015-rootless-fix-open-etc-docker-plugins-permission-deni.patch
new file mode 100644
index 0000000..c0b1c90
--- /dev/null
+++ b/1015-rootless-fix-open-etc-docker-plugins-permission-deni.patch
@@ -0,0 +1,52 @@
+From 81ad7062f0299c4ebc9ac3f576a2c0c67d8b6ff8 Mon Sep 17 00:00:00 2001
+From: Akihiro Suda
+Date: Thu, 14 Mar 2024 14:32:01 +0900
+Subject: [PATCH 026/172] rootless: fix `open /etc/docker/plugins: permission
+ denied`
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix issue 47436
+
+Signed-off-by: Akihiro Suda
+(cherry picked from commit d742659877d9bf0bfe64b97e529bc28667974607)
+Signed-off-by: Paweł Gronowski
+---
+ pkg/plugins/discovery.go | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/pkg/plugins/discovery.go b/pkg/plugins/discovery.go
+index 37316ed482..503ac574a9 100644
+--- a/pkg/plugins/discovery.go
++++ b/pkg/plugins/discovery.go
+@@ -10,6 +10,8 @@ import (
+ "strings"
+ "sync"
+
++ "github.com/containerd/containerd/pkg/userns"
++ "github.com/containerd/log"
+ "github.com/pkg/errors"
+ )
+
+@@ -56,10 +58,16 @@ func (l *LocalRegistry) Scan() ([]string, error) {
+
+ for _, p := range l.specsPaths {
+ dirEntries, err = os.ReadDir(p)
+- if err != nil && !os.IsNotExist(err) {
++ if err != nil {
++ if os.IsNotExist(err) {
++ continue
++ }
++ if os.IsPermission(err) && userns.RunningInUserNS() {
++ log.L.Debug(err.Error())
++ continue
++ }
+ return nil, errors.Wrap(err, "error reading dir entries")
+ }
+-
+ for _, entry := range dirEntries {
+ if entry.IsDir() {
+ infos, err := os.ReadDir(filepath.Join(p, entry.Name()))
+--
+2.27.0
diff --git a/moby.spec b/moby.spec
index 2d09db2..1af7b5e 100644
--- a/moby.spec
+++ b/moby.spec
@@ -7,7 +7,7 @@
 Name: moby
 Version: 25.0.3
-Release: 26
+Release: 27
 Summary: The open-source application container engine
 License: Apache-2.0
 URL: https://www.docker.com
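Review bot: The new `os.IsPermission(err) && userns.RunningInUserNS()` branch in `LocalRegistry.Scan` drops an unreadable spec directory with only `log.L.Debug(err.Error())`, so at the default log level nothing records that plugin discovery skipped a path, and the entry carries no message saying what was being done. The condition appears to hold for any daemon running inside a user namespace rather than rootless mode alone, which makes that trace more valuable when a plugin that lives only in such a directory is later reported as missing. I would log it with context, `log.L.WithError(err).Debug("skipping unreadable plugin spec directory in user namespace")`, and put a comment above the branch: `// In a user namespace the system spec dirs may be unreadable; treat EACCES like a missing directory.` The loop body continues past the end of the hunk, so whether the nested `os.ReadDir(filepath.Join(p, entry.Name()))` handles the same error is not visible here.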
@@ -38,6 +38,7 @@ Patch1011: 1011-fix-CVE-2024-36620.patch
 Patch1012: 1012-fix-CVE-2024-36623.patch
 Patch1013: 1013-Don-t-enforce-new-validation-rules-for-existing-netw.patch
 Patch1014: 1014-daemon-overlay2-remove-world-writable-permission-fro.patch
+Patch1015: 1015-rootless-fix-open-etc-docker-plugins-permission-deni.patch
 # Patch 2001-2999 for tini
 Patch2001: 2001-tini.c-a-function-declaration-without-a-prototype-is.patch
 Requires(meta): %{name}-engine = %{version}-%{release}
@@ -229,6 +230,9 @@ fi
 %systemd_postun_with_restart docker.service
 %changelog
+* Thu Apr 17 2025 shechenglong - 25.0.3-27
+- rootless: fix `open /etc/docker/plugins: permission denied`
+
 * Thu Apr 17 2025 shechenglong - 25.0.3-26
 - daemon: overlay2: remove world writable permission from the lower file
--
Gitee