gh-134587: Fix os.mkdir(mode=0o700) under Windows AppContainer#148804
Open
thatnerdyguy wants to merge 4 commits intopython:mainfrom
Open
gh-134587: Fix os.mkdir(mode=0o700) under Windows AppContainer#148804thatnerdyguy wants to merge 4 commits intopython:mainfrom
thatnerdyguy wants to merge 4 commits intopython:mainfrom
Conversation
In 8af84b5 (pythongh-118773), which was a follow up to 81939da (pythongh-118488), an SDDL was used to grant a directory created via os.mkdir with mode=0o700 owner, admin, and system control. However, when running under a Windows AppContainer, objects must ALSO allow access for the AppContainer SID. This changes the logic to do a one time resolution of the SDDL string to use. If we are running under an AppContainer, then the SDDL includes the SID of the AppContainer, otherwise we use the same standard SDDL as before.
|
All commit authors signed the Contributor License Agreement. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In gh-118773, which was a follow up to gh-118488, an SDDL was used to grant a directory created via
os.mkdirwith mode=0o700 owner, admin, and system control. However, when running under a Windows AppContainer, objects must ALSO allow access for the AppContainer SID.This changes the logic to do a one time resolution of the SDDL string to use. If we are running under an AppContainer, then the SDDL includes the SID of the AppContainer, otherwise we use the same standard SDDL as before.