Run as user dropping privileges
This commit is contained in:
Manuel de Brito Fontes
Manuel Alejandro de Brito Fontes
parent
f7359a6062
commit
79199dd84c
7 changed files with 34 additions and 18 deletions
|
|
@ -35,7 +35,7 @@ func NewLocalFS() (Filesystem, error) {
|
|||
fs := filesystem.DefaultFs{}
|
||||
|
||||
for _, directory := range directories {
|
||||
err := fs.MkdirAll(directory, 0655)
|
||||
err := fs.MkdirAll(directory, 0777)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -97,12 +97,5 @@ func NewFakeFS() (Filesystem, error) {
|
|||
}
|
||||
}
|
||||
|
||||
fakeFs.MkdirAll("/run", 0655)
|
||||
fakeFs.MkdirAll("/proc", 0655)
|
||||
fakeFs.MkdirAll("/etc/nginx/template", 0655)
|
||||
|
||||
fakeFs.MkdirAll(DefaultSSLDirectory, 0655)
|
||||
fakeFs.MkdirAll(AuthDirectory, 0655)
|
||||
|
||||
return fakeFs, nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -26,6 +26,8 @@ import (
|
|||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
const nginxPID = "/tmp/nginx.pid"
|
||||
|
||||
// Name returns the healthcheck name
|
||||
func (n NGINXController) Name() string {
|
||||
return "nginx-ingress-controller"
|
||||
|
|
@ -58,13 +60,13 @@ func (n *NGINXController) Check(_ *http.Request) error {
|
|||
if err != nil {
|
||||
return errors.Wrap(err, "unexpected error reading /proc directory")
|
||||
}
|
||||
f, err := n.fileSystem.ReadFile("/run/nginx.pid")
|
||||
f, err := n.fileSystem.ReadFile(nginxPID)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "unexpected error reading /run/nginx.pid")
|
||||
return errors.Wrapf(err, "unexpected error reading %v", nginxPID)
|
||||
}
|
||||
pid, err := strconv.Atoi(strings.TrimRight(string(f), "\r\n"))
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "unexpected error reading the PID from /run/nginx.pid")
|
||||
return errors.Wrapf(err, "unexpected error reading the nginx PID from %v", nginxPID)
|
||||
}
|
||||
_, err = fs.NewProc(pid)
|
||||
|
||||
|
|
|
|||
|
|
@ -60,8 +60,8 @@ func TestNginxCheck(t *testing.T) {
|
|||
})
|
||||
|
||||
// create pid file
|
||||
fs.MkdirAll("/run", 0655)
|
||||
pidFile, err := fs.Create("/run/nginx.pid")
|
||||
fs.MkdirAll("/tmp", 0655)
|
||||
pidFile, err := fs.Create(nginxPID)
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue