Dobby 3.0
Dobby “Docker based Thingy” is a tool for managing and running OCI containers using crun
DobbyFileAccessFixer Class Reference

Utility object to fix the various incorrectly 'hardened' file permissions. More...

#include <DobbyFileAccessFixer.h>

Public Member Functions

bool fixIt () const
 

Private Member Functions

bool fixDobbyInitPerms () const
 Fixes the access perms on /opt/libexec/DobbyInit.
 
bool fixOptRuntimePerms () const
 Fixes the access perms on everything in /opt/runtimes.
 
bool fixGfxDriverPerms () const
 Fixes the perms on the opengl dev nodes.
 
bool fixCoreDumpFilter () const
 Fixes the core pattern filter.
 

Static Private Member Functions

static void chmodFile (const char *filePath, mode_t oldPerms, mode_t newPerms)
 
static int fixRuntimePerms (const char *filePath, const struct stat *statBuf, int typeFlag, struct FTW *ftwbuf)
 Callback from the nftw() function for the directory walk.
 

Detailed Description

Utility object to fix the various incorrectly 'hardened' file permissions.

The 'hardening' process continuously 'over hardens' various files to the point where things become unusable. This object is used to go through and fix-up the files before launching the DobbyDaemon.

This class exposes only one public method, fixIt(), which applies all the known file perms fixups.

Hopefully in the future we can remove all these hacks and have just the correct perms from the start.

Member Function Documentation

◆ fixDobbyInitPerms()

bool DobbyFileAccessFixer::fixDobbyInitPerms ( ) const
private

Fixes the access perms on /opt/libexec/DobbyInit.

DobbyInit needs to be executable by everyone as it's the init process of all containers.

◆ fixGfxDriverPerms()

bool DobbyFileAccessFixer::fixGfxDriverPerms ( ) const
private

Fixes the perms on the opengl dev nodes.

The opengl dev nodes for both the ST and Broadcom currently have perms that don't allow unprivileged apps to access them.

This code walks through them all and changes the access perms to allow 'others' to read and write. The preferred solution is to put those nodes into a 'graphics' group and run the apps with that as a supplementary group option.

◆ fixOptRuntimePerms()

bool DobbyFileAccessFixer::fixOptRuntimePerms ( ) const
private

Fixes the access perms on everything in /opt/runtimes.

Everything in here needs to be readable by everyone, in addition anything marked as executable needs to be executable by everyone.

◆ fixRuntimePerms()

int DobbyFileAccessFixer::fixRuntimePerms ( const char * filePath, const struct stat * statBuf, int typeFlag, struct FTW * ftwbuf )
static private

Callback from the nftw() function for the directory walk.

This is called for every entry in the /opt/runtimes dir. It sets the perms of dirs and executable files to 0555 and of ordinary files to 0444.

Parameters
[in] filePath: The path to the file or directory
[in] statBuf: The struct stat of the file or directory
[in] typeFlag: The type of entry (file, dir, symlink, etc)
[in] ftwbuf: Ignored
Returns
always returns 0 to keep the walk going.
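
The walk described for fixRuntimePerms(), as an added example in C++ that is not Dobby's source: an nftw() callback applying the 0555/0444 policy to a constructed temporary tree. The helper names, the sample tree and the use of FTW_PHYS are assumptions; the page does not say which nftw() flags Dobby passes.

```cpp
#include <ftw.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cstdio>
#include <cstdlib>
#include <string>

// Mode the 0555/0444 policy wants for an entry, or -1 to leave it untouched.
static int wantedMode(const struct stat *st, int typeFlag) {
    if (typeFlag == FTW_D) return 0555;
    if (typeFlag != FTW_F || !S_ISREG(st->st_mode)) return -1;  // symlinks, dev nodes, unreadable
    return (st->st_mode & 0111) ? 0555 : 0444;
}

// nftw() callback with the same shape as fixRuntimePerms(); always returns 0.
static int normalisePerms(const char *path, const struct stat *st, int typeFlag, struct FTW *) {
    const int want = wantedMode(st, typeFlag);
    if (want >= 0 && (st->st_mode & 07777) != static_cast<mode_t>(want))
        if (chmod(path, static_cast<mode_t>(want)) != 0) perror(path);
    return 0;
}

// FTW_PHYS (an assumption here) reports symlinks as FTW_SL instead of following
// them, so a link inside the tree cannot steer chmod() at a file outside it.
bool normaliseTree(const std::string &root) {
    return nftw(root.c_str(), normalisePerms, 16, FTW_PHYS) == 0;
}

// Permission bits of a path, without following a final symlink; -1 on error.
int modeOf(const std::string &path) {
    struct stat st;
    return lstat(path.c_str(), &st) == 0 ? int(st.st_mode & 07777) : -1;
}

// Constructed sample input: <base>/tree/{bin/tool (0700), data.json (0600),
// link -> ../secret} and <base>/secret (0600) outside the walked root.
std::string buildSampleTree() {
    char tmpl[] = "/tmp/permwalk.XXXXXX";
    if (!mkdtemp(tmpl)) return "";
    const std::string base = tmpl;
    auto mk = [&](const char *rel, mode_t m) { close(creat((base + rel).c_str(), m)); };
    if (mkdir((base + "/tree").c_str(), 0700) || mkdir((base + "/tree/bin").c_str(), 0700)) return "";
    mk("/tree/bin/tool", 0700);
    mk("/tree/data.json", 0600);
    mk("/secret", 0600);
    return symlink("../secret", (base + "/tree/link").c_str()) == 0 ? base : std::string();
}
```

Calling normaliseTree(buildSampleTree() + "/tree") leaves the file behind the symlink at its original mode. The walk is still subject to a race between nftw()'s lstat() and the later chmod() if another process can modify the tree while it runs.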

The documentation for this class was generated from the following files: