Don't chmod 777 *all* of /dev/shm; just the dir. Since we bind mount /run/shm (or /dev/shm), treat it like a shared resource by not changing the permissions of all of its contents. BUG=None TEST=cros_sdk Change-Id: I86735189e903f258704c2704d497eb1ea969f431 Reviewed-on: https://chromium-review.googlesource.com/337321 Commit-Ready: Josh McSavaney <mcsaucy@google.com> Tested-by: Josh McSavaney <mcsaucy@google.com> Reviewed-by: Mike Frysinger <vapier@chromium.org>

commit: 8477dad7bf969caa2863b181898a5014cf0fd7eb [log] [tgz]
author: Josh McSavaney <mcsaucy@google.com> Tue Apr 05 13:43:26 2016 -0700
committer: chrome-bot <chrome-bot@chromium.org> Wed Apr 13 08:58:30 2016 -0700
tree: 9f44f710726b1018d9a648960be342f0ce66b249
parent: 33c8a27f906ff03bdef679e4d2a89fbcbdcbebbb [diff] [blame]
diff --git a/sdk_lib/enter_chroot.sh b/sdk_lib/enter_chroot.sh
index 0ddb7ce..c0dc589 100755
--- a/sdk_lib/enter_chroot.sh
+++ b/sdk_lib/enter_chroot.sh

@@ -502,8 +502,9 @@
     promote_api_keys
 
     # Fix permissions on shared memory to allow non-root users access to POSIX
-    # semaphores.
-    chmod -R 777 "${FLAGS_chroot}/dev/shm"
+    # semaphores. Take special care to only change the permissions on the
+    # directory and not all of its contents.
+    chmod 1777 "${FLAGS_chroot}/dev/shm"
 
     # gsutil uses boto config to store settings and credentials. Copy
     # user's own boto file into the chroot if it exists. Also copy it
commit	8477dad7bf969caa2863b181898a5014cf0fd7eb	[log] [tgz]
author	Josh McSavaney <mcsaucy@google.com>	Tue Apr 05 13:43:26 2016 -0700
committer	chrome-bot <chrome-bot@chromium.org>	Wed Apr 13 08:58:30 2016 -0700
tree	9f44f710726b1018d9a648960be342f0ce66b249
parent	33c8a27f906ff03bdef679e4d2a89fbcbdcbebbb [diff] [blame]