Compare commits

..

No commits in common. "38b3f189b891e70047cc245b3d984ac0498acb4b" and "d458fa5ea4a82ba06f84fcfb798d690472914f68" have entirely different histories.

View File

@ -94,22 +94,13 @@ _app_dir() {
# Let the rootless container user reach the few system-tree files it must read as
# bind-mount sources (the WebUI's configs/webui/*), WITHOUT exposing the rest of
# the control plane — or those files' contents to other local users.
#
# Access is granted via the GROUP, not world: under rootless the container's gid 0
# maps to the container owner's gid on the host, so group-read is enough for the
# container while other local users get nothing. Owner stays the manager so the
# control plane can still rewrite them; the dir keeps only o+x (traverse, not list).
# This is what keeps secrets like webui_logins from being world-readable.
# the control plane: traverse SYSTEM_DIR + configs, read configs/webui only.
_webui_bind_access() {
chmod o+x "$SYSTEM_DIR" 2>/dev/null
[[ -d "$CONFIGS_DIR" ]] && chmod o+x "$CONFIGS_DIR" 2>/dev/null
if [[ -d "$CONFIGS_DIR/webui" ]]; then
local cowner; cowner="$(_container_owner "$(_mode)")"
chown "$MANAGER:$cowner" "$CONFIGS_DIR/webui" 2>/dev/null
chmod 0751 "$CONFIGS_DIR/webui" 2>/dev/null
find "$CONFIGS_DIR/webui" -maxdepth 1 -type f \
-exec chown "$MANAGER:$cowner" {} \; -exec chmod 0640 {} \; 2>/dev/null
chmod o+rx "$CONFIGS_DIR/webui" 2>/dev/null
find "$CONFIGS_DIR/webui" -maxdepth 1 -type f -exec chmod o+r {} \; 2>/dev/null
fi
}