Merge pull request #2234 from tonistiigi/token-eaccess

authprovider: handle eaccess on storing token seeds
2021-07-09 11:23:01 -07:00 · 2021-07-09 11:23:01 -07:00 · 4367890e51
parent b93b5b62d1 3233c5275a
commit 4367890e51
1 changed files with 3 additions and 3 deletions
--- a/session/auth/authprovider/tokenseed.go
+++ b/session/auth/authprovider/tokenseed.go
@ -37,7 +37,7 @@ func (ts *tokenSeeds) getSeed(host string) ([]byte, error) {

 	l := flock.New(filepath.Join(ts.dir, ".token_seed.lock"))
 	if err := l.Lock(); err != nil {
-		if !errors.Is(err, syscall.EROFS) && errors.Is(err, syscall.EPERM) {
+		if !errors.Is(err, syscall.EROFS) && !errors.Is(err, os.ErrPermission) {
 			return nil, err
 		}
 	} else {
@ -49,7 +49,7 @@ func (ts *tokenSeeds) getSeed(host string) ([]byte, error) {
 	// we include client side randomness to avoid chosen plaintext attack from the daemon side
 	dt, err := ioutil.ReadFile(fp)
 	if err != nil {
-		if !errors.Is(err, os.ErrNotExist) && !errors.Is(err, syscall.ENOTDIR) {
+		if !errors.Is(err, os.ErrNotExist) && !errors.Is(err, syscall.ENOTDIR) && !errors.Is(err, os.ErrPermission) {
 			return nil, err
 		}
 	} else {
@ -69,7 +69,7 @@ func (ts *tokenSeeds) getSeed(host string) ([]byte, error) {
 	}

 	if err := ioutil.WriteFile(fp, dt, 0600); err != nil {
-		if !errors.Is(err, syscall.EROFS) && !errors.Is(err, syscall.EPERM) {
+		if !errors.Is(err, syscall.EROFS) && !errors.Is(err, os.ErrPermission) {
 			return nil, err
 		}
 	}