lxc-start-ephemeral: Set tmpfs mode to 0755

The tmpfs was mounted with its default mode (1777) which was then picked up by overlayfs/aufs as the target's mode. This led to a world writable / in ephemeral containers. I have confirmed that this issue doesn't impact lxc-clone. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

lxc-start-ephemeral: Set tmpfs mode to 0755
642d1ccd · Stéphane Graber · 7bb87886 · 642d1ccd
Commit 642d1ccd authored Feb 22, 2014 by Stéphane Graber
Show whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

lxc-start-ephemeral.in src/lxc/lxc-start-ephemeral.in +1 -1

No files found.
--- a/src/lxc/lxc-start-ephemeral.in
+++ b/src/lxc/lxc-start-ephemeral.in
@@ -219,7 +219,7 @@ LXC_NAME="%s"
        fd.write("mkdir -p %s %s\n" % (target, entry[1]))
        if args.storage_type == "tmpfs":
-            fd.write("mount -n -t tmpfs none %s\n" % (target))
+            fd.write("mount -n -t tmpfs -o mode=0755 none %s\n" % (target))
        if args.union_type == "overlayfs":
            fd.write("mount -n -t overlayfs"