Merge pull request #1901 from docker/1899-create_archive_fix

Rewrite access check in create_archive with EAFP

Merge pull request #1901 from docker/1899-create_archive_fix
Rewrite access check in create_archive with EAFP
7c19772e · Joffrey F · GitHub · 855b71ea · 58639aec · 7c19772e
Unverified Kaydet (Commit) 7c19772e authored Şub 05, 2018 tarafından Joffrey F Kaydeden (comit) GitHub Şub 05, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 7 deletions

utils.py docker/utils/utils.py +3 -5

utils_test.py tests/unit/utils_test.py +6 -2

No files found.
--- a/docker/utils/utils.py
+++ b/docker/utils/utils.py
@@ -97,10 +97,6 @@ def create_archive(root, files=None, fileobj=None, gzip=False):
    for path in files:
        full_path = os.path.join(root, path)

-        if os.lstat(full_path).st_mode & os.R_OK == 0:
-            raise IOError(
-                'Can not access file in context: {}'.format(full_path)
-            )
        i = t.gettarinfo(full_path, arcname=path)
        if i is None:
            # This happens when we encounter a socket file. We can safely
@@ -121,7 +117,9 @@ def create_archive(root, files=None, fileobj=None, gzip=False):
                with open(full_path, 'rb') as f:
                    t.addfile(i, f)
            except IOError:
-                t.addfile(i, None)
+                raise IOError(
+                    'Can not read file in context: {}'.format(full_path)
+                )
        else:
            # Directories, FIFOs, symlinks... don't need to be read.
            t.addfile(i, None)

--- a/tests/unit/utils_test.py
+++ b/tests/unit/utils_test.py
@@ -933,7 +933,10 @@ class TarTest(unittest.TestCase):
            tar_data = tarfile.open(fileobj=archive)
            assert sorted(tar_data.getnames()) == ['bar', 'foo']

-    @pytest.mark.skipif(IS_WINDOWS_PLATFORM, reason='No chmod on Windows')
+    @pytest.mark.skipif(
+        IS_WINDOWS_PLATFORM or os.geteuid() == 0,
+        reason='root user always has access ; no chmod on Windows'
+    )
    def test_tar_with_inaccessible_file(self):
        base = tempfile.mkdtemp()
        full_path = os.path.join(base, 'foo')
@@ -944,8 +947,9 @@ class TarTest(unittest.TestCase):
        with pytest.raises(IOError) as ei:
            tar(base)

-        assert 'Can not access file in context: {}'.format(full_path) in \
+        assert 'Can not read file in context: {}'.format(full_path) in (
            ei.exconly()
+        )

    @pytest.mark.skipif(IS_WINDOWS_PLATFORM, reason='No symlinks on Windows')
    def test_tar_with_file_symlinks(self):