Add support for setting mode of a container content mount #1071
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fixes #1070 Signed-off-by: Joachim Wiberg <[email protected]>
troglobit
added
enhancement
There was a problem hiding this comment.
Pull Request Overview
This PR adds support for setting a file mode for container content mounts by updating the YANG model and implementing the corresponding logic in the container processing code.
- Updated YANG module with a new revision and added the "mode" leaf with an octal string pattern.
- Modified the container creation logic in C to parse the mode value and apply it using fchmod.
- Updated the module reference and ChangeLog to reflect the new feature.
Reviewed Changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/confd/yang/containers.inc | Updated the referred YANG file revision to the new version. |
| src/confd/yang/confd/infix-containers.yang | Added a new revision and introduced the "mode" leaf for file permissions. |
| src/confd/src/infix-containers.c | Implemented mode parsing and applied file permissions using fchmod. |
| doc/ChangeLog.md | Documented the new feature in the ChangeLog. |
| close(fd); | ||
|
|
||
| /* Now decode base64 content into the properly secured file */ | ||
| snprintf(cmd, sizeof(cmd), "base64 -d > %s", nm); |
There was a problem hiding this comment.
Using the file name (nm) directly in a shell command via snprintf could allow command injection if nm contains unexpected characters. Consider sanitizing nm or using a safer method to decode base64 content without invoking a shell.
axkar
approved these changes
Jun 26, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Checklist
Tick relevant boxes, this PR is-a or has-a: