Skip to content

Commit

Permalink
fix file executable permissions check error on macos in docker container
Browse files Browse the repository at this point in the history
On macOS Sonoma v14.5, it was discovered that when using avocado in a Docker container
to run scripts without execute permissions, they are considered to have executable permissions.

By directly reading the file's permission bits, the stat method can provide more accurate
permission check results, especially in cases where user context and file system
characteristics might affect the behavior of os.access. This method is closer to the
underlying implementation of the file system, thus providing consistent results across
different environments (such as inside and outside Docker containers). After entering the
container using docker exec -it container bash, use the stat command to check the
file permission bits.

Reference: #5945
Signed-off-by: likui <[email protected]>
  • Loading branch information
eeslook committed Jun 19, 2024
1 parent 69d34a9 commit bc7dfd2
Showing 1 changed file with 24 additions and 2 deletions.
26 changes: 24 additions & 2 deletions avocado/core/resolver.py
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@

import glob
import os
import stat
from enum import Enum

from avocado.core.enabled_extension_manager import EnabledExtensionManager
Expand Down Expand Up @@ -196,11 +197,32 @@ def check_file(
info=f'File "{path}" does not exist or is not a {type_name}',
)

if not os.access(path, access_check):
st = os.stat(path)

user_permissions = st.st_mode & (stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)

# Initialize required permissions to 0, indicating no permissions are needed yet
required_permissions = 0

# Build the required permissions based on access_check
if access_check & os.R_OK:
# If read access needs to be checked, set the corresponding user read permission bit
required_permissions |= stat.S_IRUSR
if access_check & os.W_OK:
# If write access needs to be checked, set the corresponding user write permission bit
required_permissions |= stat.S_IWUSR
if access_check & os.X_OK:
# If execute access needs to be checked, set the corresponding user execute permission bit
required_permissions |= stat.S_IXUSR

# Check if the user has the required permissions
if (user_permissions & required_permissions) != required_permissions:
# If the bitwise AND of user permissions and required permissions is not equal to required permissions,
# it means the user is missing some permissions
return ReferenceResolution(
reference,
ReferenceResolutionResult.NOTFOUND,
info=f'File "{path}" does not exist or is not {access_name}',
info=f'File "{path}" does not have the required {access_name} permissions',
)

return True
Expand Down

0 comments on commit bc7dfd2

Please sign in to comment.