authprovider: handle eaccess on storing token seeds

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-07-08 19:38:14 -07:00 · 2021-07-08 19:38:14 -07:00 · 3233c5275a
parent 64dd6d5520
commit 3233c5275a
1 changed files with 3 additions and 3 deletions
--- a/session/auth/authprovider/tokenseed.go
+++ b/session/auth/authprovider/tokenseed.go
@ -37,7 +37,7 @@ func (ts *tokenSeeds) getSeed(host string) ([]byte, error) {

 	l := flock.New(filepath.Join(ts.dir, ".token_seed.lock"))
 	if err := l.Lock(); err != nil {
-		if !errors.Is(err, syscall.EROFS) && errors.Is(err, syscall.EPERM) {
+		if !errors.Is(err, syscall.EROFS) && !errors.Is(err, os.ErrPermission) {
 			return nil, err
 		}
 	} else {
@ -49,7 +49,7 @@ func (ts *tokenSeeds) getSeed(host string) ([]byte, error) {
 	// we include client side randomness to avoid chosen plaintext attack from the daemon side
 	dt, err := ioutil.ReadFile(fp)
 	if err != nil {
-		if !errors.Is(err, os.ErrNotExist) && !errors.Is(err, syscall.ENOTDIR) {
+		if !errors.Is(err, os.ErrNotExist) && !errors.Is(err, syscall.ENOTDIR) && !errors.Is(err, os.ErrPermission) {
 			return nil, err
 		}
 	} else {
@ -69,7 +69,7 @@ func (ts *tokenSeeds) getSeed(host string) ([]byte, error) {
 	}

 	if err := ioutil.WriteFile(fp, dt, 0600); err != nil {
-		if !errors.Is(err, syscall.EROFS) && !errors.Is(err, syscall.EPERM) {
+		if !errors.Is(err, syscall.EROFS) && !errors.Is(err, os.ErrPermission) {
 			return nil, err
 		}
 	}