From df112ef3f569dc358c3216c86636fd0972d284bf Mon Sep 17 00:00:00 2001 From: Vincent Li Date: Mon, 26 Aug 2024 16:29:21 +0000 Subject: [PATCH] Create temporary files under /tmp directory When run loxicmd save -c with --ip or --firewall or --lb from BPFire web interface with user "nobody" when is owned by user "nobody", web inrerface got error "Can't create dump file". The issue is reported in https://github.com/vincentmli/BPFire/issues/30 with the help of libbpf-tools opensnoop, the permission error shows below: PID COMM FD ERR PATH 23194 loxicmd -1 13 lbconfig_2024-08-23_19:00:35.txt ERR 13 is EACCESS, and the PATH is lbconfig_2024-08-23_19:00:35.txt "lbconfig_2024-08-23_19:00:35.txt" is neither under nor /tmp which web user "nobody" has permission to create file in. since "lbconfig_2024-08-23_19:00:35.txt" is temporary file, we can create the temporary file under /tmp directory and automatically get removed after loxicmd exit. fix: https://github.com/loxilb-io/loxicmd/issues/26 Signed-off-by: Vincent Li --- cmd/get/get_firewall.go | 4 ++-- cmd/get/get_loadbalancer.go | 4 ++-- cmd/get/get_netlink.go | 8 +++++--- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/cmd/get/get_firewall.go b/cmd/get/get_firewall.go index bd80a4c..296f711 100644 --- a/cmd/get/get_firewall.go +++ b/cmd/get/get_firewall.go @@ -141,7 +141,7 @@ func FWAPICall(restOptions *api.RESTOptions) (*http.Response, error) { func FWdump(restOptions *api.RESTOptions, path string) (string, error) { // File Open - fileP := []string{"FWconfig_", ".txt"} + fileP := []string{"/tmp/FWconfig_", ".txt"} t := time.Now() file := strings.Join(fileP, t.Local().Format("2006-01-02_15:04:05")) f, err := os.Create(file) @@ -149,7 +149,7 @@ func FWdump(restOptions *api.RESTOptions, path string) (string, error) { fmt.Printf("Can't create dump file\n") os.Exit(1) } - defer f.Close() + defer os.Remove(f.Name()) // API Call client := api.NewLoxiClient(restOptions) diff --git a/cmd/get/get_loadbalancer.go b/cmd/get/get_loadbalancer.go index a59381a..32c0db9 100644 --- a/cmd/get/get_loadbalancer.go +++ b/cmd/get/get_loadbalancer.go @@ -225,7 +225,7 @@ func Lbdump(restOptions *api.RESTOptions, path string) (string, error) { lbresp := api.LbRuleModGet{} dresp := api.LbRuleModGet{} // File Open - fileP := []string{"lbconfig_", ".txt"} + fileP := []string{"/tmp/lbconfig_", ".txt"} t := time.Now() file := strings.Join(fileP, t.Local().Format("2006-01-02_15:04:05")) f, err := os.Create(file) @@ -233,7 +233,7 @@ func Lbdump(restOptions *api.RESTOptions, path string) (string, error) { fmt.Printf("Can't create dump file\n") os.Exit(1) } - defer f.Close() + defer os.Remove(f.Name()) // API Call client := api.NewLoxiClient(restOptions) diff --git a/cmd/get/get_netlink.go b/cmd/get/get_netlink.go index a9c8747..e58a75a 100644 --- a/cmd/get/get_netlink.go +++ b/cmd/get/get_netlink.go @@ -514,7 +514,7 @@ func GetBonds() { func Nlpdump(dpath string) (string, error) { var ret int var err error - fileP := []string{"ipconfig_", ".txt"} + fileP := []string{"/tmp/ipconfig_", ".txt"} t := time.Now() file := strings.Join(fileP, t.Local().Format("2006-01-02_15:04:05")) f, err = os.Create(file) @@ -523,9 +523,9 @@ func Nlpdump(dpath string) (string, error) { os.Exit(1) } - defer f.Close() + defer os.Remove(f.Name()) - path = "ipconfig_" + t.Local().Format("2006-01-02_15:04:05") + "/" + path = "/tmp/" + "ipconfig_" + t.Local().Format("2006-01-02_15:04:05") + "/" //fmt.Printf("Creating intf config dir : %s\n", path) if _, err := os.Stat(path); errors.Is(err, os.ErrNotExist) { err := os.Mkdir(path, os.ModePerm) @@ -534,6 +534,8 @@ func Nlpdump(dpath string) (string, error) { } } + defer os.RemoveAll(path) + /*Get bridge info first */ GetBridges() GetBonds()