Skip to content

Comments

Windows: create daemon root with ACL#28274

Merged
vieux merged 1 commit intomoby:masterfrom
microsoft:jjh/acl
Nov 11, 2016
Merged

Windows: create daemon root with ACL#28274
vieux merged 1 commit intomoby:masterfrom
microsoft:jjh/acl

Conversation

@lowenna
Copy link
Member

@lowenna lowenna commented Nov 11, 2016

Signed-off-by: John Howard [email protected]

This PR ensures the Windows daemon creates the root with an ACL for Local System and Built-In Administrators. @NathanMcCauley @thaJeztah

@vieux
Copy link
Contributor

vieux commented Nov 11, 2016

SGTM

Copy link
Member

@johnstep johnstep Nov 11, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This code does not run on Windows, due to the early exit above. Therefore, I think this can be changed back to MkdirAll, and maybe MkdirAllWithACL can be Windows only.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fair. Updated in next push (imminent)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Update the comment to reflect that it grants full access to administrators and system.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated in next push (imminent)

@lowenna
Copy link
Member Author

lowenna commented Nov 11, 2016

@johnstep Comments addressed. Rebased following minor merge conflict after the merge of the 'plug-ins coming out of experimental' PR just now.

opts.common.TrustKey = filepath.Join(
getDaemonConfDir(),
cliflags.DefaultTrustKeyFile)
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jhowardmsft Could you explain the moved line here?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's to ensure the root is created first, before anything else. The current ordering creates other files prior to the daemon root, indirectly creating the root in the process.

Copy link
Member

@tonistiigi tonistiigi Nov 11, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I understand that. Can you point me where in configuration loading we create it so the order of initializing trust key path becomes significant.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd have to debug it again, can't immediately see it. But I know it was the case when creating the commit back at the weekend.

if err := daemon.CreateDaemonRoot(cli.Config); err != nil {
return err
}

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same question: can we keep this inside NewDaemon. From go api standpoint it doesn't make sense that this preparation is needed before calling NewDaemon.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it possible to move pidfile/migrateKey instead?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same answer as above.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, not in the current code flow. The startup path for the daemon is kind of strange and all over the place. I have to guarantee that the very first thing done is to create the root before any other file is created.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can do better but let's leave that to some other PR.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, agreed. I wanted to be as minimally invasive as possible and just fix the immediate issue.

Copy link
Member

@johnstep johnstep left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@lowenna
Copy link
Member Author

lowenna commented Nov 11, 2016

@crosbymichael @tiborvass @cpuguy83 In the hope that this might get in ahead of the code freeze cutoff. Appreciate you're all busy though. Or asleep ;)

@tonistiigi
Copy link
Member

LGTM

@thaJeztah
Copy link
Member

ping @riyazdf PTAL

Copy link
Contributor

@riyazdf riyazdf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

code LGTM with nits.

However, I think we should add windows-specific tests around these permissions tests to ensure there are correct and there are no future regressions. This can happen in a follow-up PR.

}

// FIXME: why is this down here instead of with the other TrustKey logic above?
cli.TrustKeyPath = opts.common.TrustKey
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

leaving a breadcrumb since we touched relevant code to this FIXME: especially from the changes in this PR it seems that we can move this to the TrustKey logic above. We can do this in a followup PR.

func getDaemonConfDir() string {
return os.Getenv("PROGRAMDATA") + `\docker\config`
func getDaemonConfDir(root string) string {
return filepath.Join(root, `\config`)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: the \ might be redundant for filepath.Join in windows

config.Root = rootDir
// Create the root directory if it doesn't exists
if err := system.MkdirAll(config.Root, 0700); err != nil && !os.IsExist(err) {
if err := system.MkdirAllWithACL(config.Root, 0); err != nil && !os.IsExist(err) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: it might be worth leaving a comment about why 0 is acceptable for Windows since that argument isn't used as permissions

// and Local System.
func mkdirWithACL(name string) error {
sa := syscall.SecurityAttributes{Length: 0}
sddl := "D:P(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: might be worth leaving a comment explaining what this expression semantically means

@thaJeztah
Copy link
Member

@jhowardmsft can you do a follow up to address those nits? I'll move this to "merge"

@lowenna
Copy link
Member Author

lowenna commented Nov 11, 2016

Yes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

9 participants