From 5a257a8fc2572c227c645c8fb945b4e7a61bccb8 Mon Sep 17 00:00:00 2001
From: Trevor Shoe
Date: Fri, 4 Oct 2024 09:45:53 -0400
Subject: [PATCH] [lxd] Change instance image permissions to root only
---
 src/daemon/default_vm_image_vault.cpp | 2 +-
 .../backends/lxd/lxd_vm_image_vault.cpp | 3 +++
 src/utils/vm_image_vault_utils.cpp | 4 ++--
 tests/test_image_vault.cpp | 18 ++++++++++++++++++
 4 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/src/daemon/default_vm_image_vault.cpp b/src/daemon/default_vm_image_vault.cpp
index a09c1fae85..89f2226499 100644
--- a/src/daemon/default_vm_image_vault.cpp
+++ b/src/daemon/default_vm_image_vault.cpp
@@ -645,7 +645,7 @@ QString mp::DefaultVMImageVault::extract_image_from(const VMImage& source_image,
 const ProgressMonitor& monitor,
 const mp::Path& dest_dir)
 {
- MP_UTILS.make_dir(dest_dir, QFile::ReadOwner | QFile::WriteOwner | QFile::ExeOwner);
+ MP_UTILS.make_dir(dest_dir, QFile::ReadOwner | QFile::WriteOwner);
 MP_PLATFORM.set_root_as_owner(dest_dir);
 QFileInfo file_info{source_image.image_path};
diff --git a/src/platform/backends/lxd/lxd_vm_image_vault.cpp b/src/platform/backends/lxd/lxd_vm_image_vault.cpp
index b2b7cd05af..e53cefdcc1 100644
--- a/src/platform/backends/lxd/lxd_vm_image_vault.cpp
+++ b/src/platform/backends/lxd/lxd_vm_image_vault.cpp
@@ -93,6 +93,9 @@ QString post_process_downloaded_image(const QString& image_path, const mp::Progr
 mp::vault::delete_file(original_image_path);
 }
+ MP_PLATFORM.set_permissions(new_image_path, QFile::ReadOwner | QFile::WriteOwner);
+ MP_PLATFORM.set_root_as_owner(new_image_path);
+
 return new_image_path;
 }
diff --git a/src/utils/vm_image_vault_utils.cpp b/src/utils/vm_image_vault_utils.cpp
index 860394d96d..a2735d7da1 100644
--- a/src/utils/vm_image_vault_utils.cpp
+++ b/src/utils/vm_image_vault_utils.cpp
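Review bot: In `extract_image_from` (src/daemon/default_vm_image_vault.cpp), `dest_dir` is a directory, so dropping `QFile::ExeOwner` removes the owner's search bit, assuming `make_dir` applies these flags as POSIX mode bits. That bit controls traversal into the directory, not execution. A root daemon that can override file permissions will still reach the image, but a confined or capability-dropped process could no longer open anything under `dest_dir`. Unless that is intended, keep the directory at `QFile::ReadOwner | QFile::WriteOwner | QFile::ExeOwner` and restrict only the image files, or add a comment such as `// 0600 on a directory: access relies on root bypassing the mode bits`. The function body continues outside the hunk.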
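Review bot: The two calls added in `post_process_downloaded_image` (src/platform/backends/lxd/lxd_vm_image_vault.cpp) discard their results, so if the mode or owner change fails the function still returns `new_image_path` with whatever permissions the file was created with. The test stubs in this patch use `Return(true)`, which suggests both calls report success as a bool. Checking that value makes the hardening fail closed, for example `if (!MP_PLATFORM.set_permissions(new_image_path, QFile::ReadOwner | QFile::WriteOwner)) throw std::runtime_error("could not restrict image permissions");`, or at minimum a logged warning. The same applies to the `set_permissions`/`set_root_as_owner` pairs in `mp::vault::copy` and `mp::vault::extract_image`, and to `set_root_as_owner(dest_dir)` in `extract_image_from`. The start of this function is outside the hunk.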
@@ -47,7 +47,7 @@ QString mp::vault::copy(const QString& file_name, const QDir& output_dir)
 auto new_path = output_dir.filePath(source_name);
 QFile::copy(file_name, new_path);
- MP_PLATFORM.set_permissions(new_path, QFile::ReadOwner | QFile::WriteOwner | QFile::ExeOwner);
+ MP_PLATFORM.set_permissions(new_path, QFile::ReadOwner | QFile::WriteOwner);
 MP_PLATFORM.set_root_as_owner(new_path);
 return new_path;
@@ -95,7 +95,7 @@ QString mp::vault::extract_image(const mp::Path& image_path, const mp::ProgressM
 xz_decoder.decode_to(new_image_path, monitor);
- MP_PLATFORM.set_permissions(new_image_path, QFile::ReadOwner | QFile::WriteOwner | QFile::ExeOwner);
+ MP_PLATFORM.set_permissions(new_image_path, QFile::ReadOwner | QFile::WriteOwner);
 MP_PLATFORM.set_root_as_owner(new_image_path);
 mp::vault::delete_file(image_path);
diff --git a/tests/test_image_vault.cpp b/tests/test_image_vault.cpp
index 73ecc923cd..5b052e4395 100644
--- a/tests/test_image_vault.cpp
+++ b/tests/test_image_vault.cpp
@@ -21,6 +21,7 @@
 #include "mock_image_host.h"
 #include "mock_json_utils.h"
 #include "mock_logger.h"
+#include "mock_platform.h"
 #include "mock_process_factory.h"
 #include "path.h"
 #include "stub_url_downloader.h"
@@ -364,6 +365,11 @@ TEST_F(ImageVault, remembers_prepared_images)
 TEST_F(ImageVault, uses_image_from_prepare)
 {
+ auto [mock_platform, platform_guard] = mpt::MockPlatform::inject();
+
+ ON_CALL(*mock_platform, set_permissions).WillByDefault(Return(true));
+ ON_CALL(*mock_platform, set_root_as_owner).WillByDefault(Return(true));
+
 constexpr auto expected_data = "12345-pied-piper-rats";
 QDir dir{cache_dir.path()};
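Review bot: In `mp::vault::copy` (src/utils/vm_image_vault_utils.cpp) the image is written by `QFile::copy` and restricted only afterwards, so until `set_permissions` runs it carries whatever permissions the copy gave it. `mp::vault::extract_image` has the same shape around `xz_decoder.decode_to`, where decoding a large image may keep that window open for some time. If the containing directory is not already root-only, another local user could open the file in that window, and the later mode change would not revoke the open handle. Consider restricting the directory before the write, or stating the precondition with a comment such as `// output_dir must already be root-only: the image keeps default permissions until set_permissions() runs`. The result of `QFile::copy` on the preceding line is also unchecked, so a failed copy would go on to change permissions on a file that may not exist.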
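Review bot: The `ON_CALL(...).WillByDefault(Return(true))` stubs added to `uses_image_from_prepare` (tests/test_image_vault.cpp) accept any mode the vault requests, so nothing here pins the root-only permissions this commit introduces. The stubs added to `file_based_fetch_copies_image_and_returns_expected_info` and `file_based_minimum_size_returns_expected_size` have the same gap. A regression that put `QFile::ExeOwner` or group/other bits back would still pass. In at least one test, replace the stub with an expectation on the argument, e.g. `EXPECT_CALL(*mock_platform, set_permissions(_, QFile::ReadOwner | QFile::WriteOwner)).WillRepeatedly(Return(true));`, assuming `_` is in scope as `Return` is. The diffstat lists no test change covering the new calls in the LXD vault, which would benefit from the same check.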
@@ -459,6 +465,12 @@ TEST_F(ImageVault, invalid_image_dir_is_removed)
 TEST_F(ImageVault, DISABLE_ON_WINDOWS_AND_MACOS(file_based_fetch_copies_image_and_returns_expected_info))
 {
+ auto [mock_platform, platform_guard] = mpt::MockPlatform::inject();
+
+ ON_CALL(*mock_platform, is_image_url_supported).WillByDefault(Return(true));
+ ON_CALL(*mock_platform, set_permissions).WillByDefault(Return(true));
+ ON_CALL(*mock_platform, set_root_as_owner).WillByDefault(Return(true));
+
 mpt::TempFile file;
 mp::DefaultVMImageVault vault{hosts, &url_downloader, cache_dir.path(), data_dir.path(), mp::days{0}};
 auto query = default_query;
@@ -690,6 +702,12 @@ TEST_F(ImageVault, minimum_image_size_returns_expected_size)
 TEST_F(ImageVault, DISABLE_ON_WINDOWS_AND_MACOS(file_based_minimum_size_returns_expected_size))
 {
+ auto [mock_platform, platform_guard] = mpt::MockPlatform::inject();
+
+ ON_CALL(*mock_platform, is_image_url_supported).WillByDefault(Return(true));
+ ON_CALL(*mock_platform, set_permissions).WillByDefault(Return(true));
+ ON_CALL(*mock_platform, set_root_as_owner).WillByDefault(Return(true));
+
 const mp::MemorySize image_size{"2097152"};
 const mp::ProcessState qemuimg_exit_status{0, std::nullopt};
 const QByteArray qemuimg_output(fake_img_info(image_size));