fileperms: newer Go 1.13+ octal literal format

cmd/podman/common/build.go

@@ -249,7 +249,7 @@ func ParseBuildOpts(cmd *cobra.Command, args []string, buildOpts *BuildFlagsWrap
 	var logFile *os.File
 	if cmd.Flag("logfile").Changed {
 		var err error
-		logFile, err = os.OpenFile(buildOpts.Logfile, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0600)
+		logFile, err = os.OpenFile(buildOpts.Logfile, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0o600)
 		if err != nil {
 			return nil, err
 		}

cmd/podman/containers/commit.go

@@ -116,7 +116,7 @@ func commit(_ *cobra.Command, args []string) error {
 		return err
 	}
 	if len(iidFile) > 0 {
-		if err = os.WriteFile(iidFile, []byte(response.Id), 0644); err != nil {
+		if err = os.WriteFile(iidFile, []byte(response.Id), 0o644); err != nil {
 			return fmt.Errorf("failed to write image ID: %w", err)
 		}
 	}

cmd/podman/containers/export.go

@@ -81,7 +81,7 @@ func export(_ *cobra.Command, args []string) error {
 		}
 		// open file here with O_WRONLY since on MacOS it can fail to open /dev/stderr in read mode for example
 		// https://github.com/containers/podman/issues/16870
-		file, err := os.OpenFile(outputFile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
+		file, err := os.OpenFile(outputFile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o644)
 		if err != nil {
 			return err
 		}

cmd/podman/early_init_linux.go

@@ -21,7 +21,7 @@ func setRLimits() error {
 
 func setUMask() {
 	// Be sure we can create directories with 0755 mode.
-	syscall.Umask(0022)
+	syscall.Umask(0o022)
 }
 
 func earlyInitHook() {

cmd/podman/generate/spec.go

@@ -59,7 +59,7 @@ func spec(_ *cobra.Command, args []string) error {
 	// if we are looking to print the output, do not mess it up by printing the path
 	// if we are using -v the user probably expects to pipe the output somewhere else
 	if len(opts.FileName) > 0 {
-		err = os.WriteFile(opts.FileName, report.Data, 0644)
+		err = os.WriteFile(opts.FileName, report.Data, 0o644)
 		if err != nil {
 			return err
 		}

cmd/podman/images/utils_linux.go

@@ -20,7 +20,7 @@ func setupPipe() (string, func() <-chan error, error) {
 		return "", nil, err
 	}
 	pipePath := filepath.Join(pipeDir, "saveio")
-	err = unix.Mkfifo(pipePath, 0600)
+	err = unix.Mkfifo(pipePath, 0o600)
 	if err != nil {
 		if e := os.RemoveAll(pipeDir); e != nil {
 			logrus.Errorf("Removing named pipe: %q", e)

cmd/podman/kube/generate.go

@@ -109,7 +109,7 @@ func generateKube(cmd *cobra.Command, args []string) error {
 		if err := fileutils.Exists(generateFile); err == nil {
 			return fmt.Errorf("cannot write to %q; file exists", generateFile)
 		}
-		if err := os.WriteFile(generateFile, content, 0644); err != nil {
+		if err := os.WriteFile(generateFile, content, 0o644); err != nil {
 			return fmt.Errorf("cannot write to %q: %w", generateFile, err)
 		}
 		return nil

cmd/podman/manifest/push.go

@@ -170,7 +170,7 @@ func push(cmd *cobra.Command, args []string) error {
 		return err
 	}
 	if manifestPushOpts.DigestFile != "" {
-		if err := os.WriteFile(manifestPushOpts.DigestFile, []byte(digest), 0644); err != nil {
+		if err := os.WriteFile(manifestPushOpts.DigestFile, []byte(digest), 0o644); err != nil {
 			return err
 		}
 	}

cmd/podman/system/service.go

@@ -111,7 +111,7 @@ func service(cmd *cobra.Command, args []string) error {
 			if err := syscall.Unlink(uri.Path); err != nil && !os.IsNotExist(err) {
 				return err
 			}
-			mask := syscall.Umask(0177)
+			mask := syscall.Umask(0o177)
 			defer syscall.Umask(mask)
 		}
 	}
@@ -162,12 +162,12 @@ func resolveAPIURI(uri []string) (string, error) {
 
 		socketName := "podman.sock"
 		socketPath := filepath.Join(xdg, "podman", socketName)
-		if err := os.MkdirAll(filepath.Dir(socketPath), 0700); err != nil {
+		if err := os.MkdirAll(filepath.Dir(socketPath), 0o700); err != nil {
 			return "", err
 		}
 		return "unix://" + socketPath, nil
 	default:
-		if err := os.MkdirAll(filepath.Dir(registry.DefaultRootAPIPath), 0700); err != nil {
+		if err := os.MkdirAll(filepath.Dir(registry.DefaultRootAPIPath), 0o700); err != nil {
 			return "", err
 		}
 		return registry.DefaultRootAPIAddress, nil

cmd/quadlet/main.go

@@ -51,7 +51,7 @@ func logToKmsg(s string) bool {
 	}
 
 	if kmsgFile == nil {
-		f, err := os.OpenFile("/dev/kmsg", os.O_WRONLY, 0644)
+		f, err := os.OpenFile("/dev/kmsg", os.O_WRONLY, 0o644)
 		if err != nil {
 			noKmsg = true
 			return false

cmd/rootlessport/main.go

@@ -84,7 +84,7 @@ func parent() error {
 	}
 
 	socketDir := filepath.Join(cfg.TmpDir, "rp")
-	err = os.MkdirAll(socketDir, 0700)
+	err = os.MkdirAll(socketDir, 0o700)
 	if err != nil {
 		return err
 	}
@@ -223,7 +223,7 @@ outer:
 
 	// https://github.com/containers/podman/issues/11248
 	// Copy /dev/null to stdout and stderr to prevent SIGPIPE errors
-	if f, err := os.OpenFile(os.DevNull, os.O_WRONLY, 0755); err == nil {
+	if f, err := os.OpenFile(os.DevNull, os.O_WRONLY, 0o755); err == nil {
 		unix.Dup2(int(f.Fd()), 1) //nolint:errcheck
 		unix.Dup2(int(f.Fd()), 2) //nolint:errcheck
 		f.Close()

internal/remote_build_helpers/utils_test.go

@@ -34,7 +34,7 @@ func TestTempFileManager(t *testing.T) {
 		secretPath := filepath.Join(tempdir, "secret.txt")
 
 		content := "test secret"
-		err := os.WriteFile(secretPath, []byte(content), 0600)
+		err := os.WriteFile(secretPath, []byte(content), 0o600)
 		assert.NoError(t, err)
 
 		filename, err := manager.CreateTempSecret(secretPath, tempdir)

libpod/boltdb_state.go

@@ -99,7 +99,7 @@ func NewBoltState(path string, runtime *Runtime) (State, error) {
 		logrus.Infof("The deprecated BoltDB database driver is in use. This driver will be removed in the upcoming Podman 6.0 release in mid 2026. It is advised that you migrate to SQLite to avoid issues when this occurs. Set SUPPRESS_BOLTDB_WARNING environment variable to remove this message.")
 	}
 
-	db, err := bolt.Open(path, 0600, nil)
+	db, err := bolt.Open(path, 0o600, nil)
 	if err != nil {
 		return nil, fmt.Errorf("opening database %s: %w", path, err)
 	}

libpod/boltdb_state_internal.go

@@ -279,7 +279,7 @@ func (s *BoltState) getDBCon() (*bolt.DB, error) {
 	// https://www.sqlite.org/src/artifact/c230a7a24?ln=994-1081
 	s.dbLock.Lock()
 
-	db, err := bolt.Open(s.dbPath, 0600, nil)
+	db, err := bolt.Open(s.dbPath, 0o600, nil)
 	if err != nil {
 		return nil, fmt.Errorf("opening database %s: %w", s.dbPath, err)
 	}

libpod/container_internal.go

@@ -551,7 +551,7 @@ func (c *Container) setupStorage(ctx context.Context) error {
 	}
 
 	artifacts := filepath.Join(c.config.StaticDir, artifactsDir)
-	if err := os.MkdirAll(artifacts, 0755); err != nil {
+	if err := os.MkdirAll(artifacts, 0o755); err != nil {
 		return fmt.Errorf("creating artifacts directory: %w", err)
 	}
 
@@ -685,7 +685,7 @@ func (c *Container) refresh() error {
 			return err
 		}
 		root := filepath.Join(c.runtime.config.Engine.TmpDir, "containers-root", c.ID())
-		if err := os.MkdirAll(root, 0755); err != nil {
+		if err := os.MkdirAll(root, 0o755); err != nil {
 			return fmt.Errorf("creating userNS tmpdir for container %s: %w", c.ID(), err)
 		}
 		if err := idtools.SafeChown(root, c.RootUID(), c.RootGID()); err != nil {
@@ -1827,7 +1827,7 @@ func (c *Container) mountStorage() (_ string, deferredErr error) {
 	}
 	defer unix.Close(dirfd)
 
-	err = unix.Mkdirat(dirfd, "etc", 0755)
+	err = unix.Mkdirat(dirfd, "etc", 0o755)
 	if err != nil && !os.IsExist(err) {
 		return "", fmt.Errorf("create /etc: %w", err)
 	}
@@ -2437,7 +2437,7 @@ func (c *Container) saveSpec(spec *spec.Spec) error {
 	if err != nil {
 		return fmt.Errorf("exporting runtime spec for container %s to JSON: %w", c.ID(), err)
 	}
-	if err := os.WriteFile(jsonPath, fileJSON, 0644); err != nil {
+	if err := os.WriteFile(jsonPath, fileJSON, 0o644); err != nil {
 		return fmt.Errorf("writing runtime spec JSON for container %s to disk: %w", c.ID(), err)
 	}
 
@@ -2534,7 +2534,7 @@ func (c *Container) recreateIntermediateMountpointUser() (string, error) {
 			tmpDir = "/tmp"
 		}
 		dir := filepath.Join(tmpDir, fmt.Sprintf("intermediate-mountpoint-%d.%d", rootless.GetRootlessUID(), i))
-		err := os.Mkdir(dir, 0755)
+		err := os.Mkdir(dir, 0o755)
 		if err != nil {
 			if !errors.Is(err, os.ErrExist) {
 				return "", err
@@ -2765,7 +2765,7 @@ func (c *Container) extractSecretToCtrStorage(secr *ContainerSecret) error {
 	if err != nil {
 		return fmt.Errorf("unable to extract secret: %w", err)
 	}
-	err = os.WriteFile(secretFile, data, 0644)
+	err = os.WriteFile(secretFile, data, 0o644)
 	if err != nil {
 		return fmt.Errorf("unable to create %s: %w", secretFile, err)
 	}

libpod/container_internal_common.go

@@ -186,7 +186,7 @@ func (c *Container) createInitRootfs() error {
 		return fmt.Errorf("getting runtime temporary directory: %w", err)
 	}
 	tmpDir = filepath.Join(tmpDir, "infra-container")
-	err = os.MkdirAll(tmpDir, 0755)
+	err = os.MkdirAll(tmpDir, 0o755)
 	if err != nil {
 		return fmt.Errorf("creating infra container temporary directory: %w", err)
 	}
@@ -932,7 +932,7 @@ func (c *Container) resolveWorkDir() error {
 		// we need to return the full error.
 		return fmt.Errorf("detecting workdir %q on container %s: %w", workdir, c.ID(), err)
 	}
-	if err := os.MkdirAll(resolvedWorkdir, 0755); err != nil {
+	if err := os.MkdirAll(resolvedWorkdir, 0o755); err != nil {
 		return fmt.Errorf("creating container %s workdir: %w", c.ID(), err)
 	}
 
@@ -1010,7 +1010,7 @@ func (c *Container) mountNotifySocket(g generate.Generator) error {
 
 	notifyDir := filepath.Join(c.bundlePath(), "notify")
 	logrus.Debugf("Checking notify %q dir", notifyDir)
-	if err := os.MkdirAll(notifyDir, 0755); err != nil {
+	if err := os.MkdirAll(notifyDir, 0o755); err != nil {
 		if !os.IsExist(err) {
 			return fmt.Errorf("unable to create notify %q dir: %w", notifyDir, err)
 		}
@@ -1218,7 +1218,7 @@ func (c *Container) exportCheckpoint(options ContainerCheckpointOptions) error {
 
 	// Create an archive for each volume associated with the container
 	if !options.IgnoreVolumes {
-		if err := os.MkdirAll(expVolDir, 0700); err != nil {
+		if err := os.MkdirAll(expVolDir, 0o700); err != nil {
 			return fmt.Errorf("creating volumes export directory %q: %w", expVolDir, err)
 		}
 
@@ -1278,7 +1278,7 @@ func (c *Container) exportCheckpoint(options ContainerCheckpointOptions) error {
 	}
 	defer outFile.Close()
 
-	if err := os.Chmod(options.TargetFile, 0600); err != nil {
+	if err := os.Chmod(options.TargetFile, 0o600); err != nil {
 		return err
 	}
 
@@ -2892,7 +2892,7 @@ func (c *Container) generatePasswdAndGroup() (string, string, error) {
 			if err != nil {
 				return "", "", fmt.Errorf("failed to create temporary passwd file: %w", err)
 			}
-			if err := os.Chmod(passwdFile, 0644); err != nil {
+			if err := os.Chmod(passwdFile, 0o644); err != nil {
 				return "", "", err
 			}
 			passwdPath = passwdFile
@@ -2903,7 +2903,7 @@ func (c *Container) generatePasswdAndGroup() (string, string, error) {
 				return "", "", fmt.Errorf("looking up location of container %s /etc/passwd: %w", c.ID(), err)
 			}
 
-			f, err := os.OpenFile(containerPasswd, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600)
+			f, err := os.OpenFile(containerPasswd, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0o600)
 			if err != nil {
 				return "", "", fmt.Errorf("container %s: %w", c.ID(), err)
 			}
@@ -2938,7 +2938,7 @@ func (c *Container) generatePasswdAndGroup() (string, string, error) {
 			if err != nil {
 				return "", "", fmt.Errorf("failed to create temporary group file: %w", err)
 			}
-			if err := os.Chmod(groupFile, 0644); err != nil {
+			if err := os.Chmod(groupFile, 0o644); err != nil {
 				return "", "", err
 			}
 			groupPath = groupFile
@@ -2949,7 +2949,7 @@ func (c *Container) generatePasswdAndGroup() (string, string, error) {
 				return "", "", fmt.Errorf("looking up location of container %s /etc/group: %w", c.ID(), err)
 			}
 
-			f, err := os.OpenFile(containerGroup, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600)
+			f, err := os.OpenFile(containerGroup, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0o600)
 			if err != nil {
 				return "", "", fmt.Errorf("container %s: %w", c.ID(), err)
 			}

libpod/events/logfile.go

@@ -29,12 +29,12 @@ type EventLogFile struct {
 // newLogFileEventer creates a new EventLogFile eventer
 func newLogFileEventer(options EventerOptions) (*EventLogFile, error) {
 	// Create events log dir
-	if err := os.MkdirAll(filepath.Dir(options.LogFilePath), 0700); err != nil {
+	if err := os.MkdirAll(filepath.Dir(options.LogFilePath), 0o700); err != nil {
 		return nil, fmt.Errorf("creating events dirs: %w", err)
 	}
 	// We have to make sure the file is created otherwise reading events will hang.
 	// https://github.com/containers/podman/issues/15688
-	fd, err := os.OpenFile(options.LogFilePath, os.O_RDONLY|os.O_CREATE, 0600)
+	fd, err := os.OpenFile(options.LogFilePath, os.O_RDONLY|os.O_CREATE, 0o600)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create event log file: %w", err)
 	}
@@ -64,7 +64,7 @@ func (e EventLogFile) Write(ee Event) error {
 }
 
 func (e EventLogFile) writeString(s string) error {
-	f, err := os.OpenFile(e.options.LogFilePath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0700)
+	f, err := os.OpenFile(e.options.LogFilePath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0o700)
 	if err != nil {
 		return err
 	}

libpod/healthcheck.go

@@ -407,7 +407,7 @@ func (c *Container) witeToFileHealthCheckResults(path string, result define.Heal
 	if err != nil {
 		return fmt.Errorf("unable to marshall healthchecks for writing: %w", err)
 	}
-	return os.WriteFile(path, newResults, 0700)
+	return os.WriteFile(path, newResults, 0o700)
 }
 
 func (c *Container) getHealthCheckLogDestination() string {

libpod/lock/file/file_lock.go

@@ -27,7 +27,7 @@ func CreateFileLock(path string) (*FileLocks, error) {
 	if err == nil {
 		return nil, fmt.Errorf("directory %s exists: %w", path, syscall.EEXIST)
 	}
-	if err := os.MkdirAll(path, 0711); err != nil {
+	if err := os.MkdirAll(path, 0o711); err != nil {
 		return nil, err
 	}
 
@@ -81,7 +81,7 @@ func (locks *FileLocks) AllocateLock() (uint32, error) {
 	id := uint32(0)
 	for ; ; id++ {
 		path := locks.getLockPath(id)
-		f, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0666)
+		f, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0o666)
 		if err != nil {
 			if os.IsExist(err) {
 				continue
@@ -103,7 +103,7 @@ func (locks *FileLocks) AllocateGivenLock(lck uint32) error {
 		return fmt.Errorf("locks have already been closed: %w", syscall.EINVAL)
 	}
 
-	f, err := os.OpenFile(locks.getLockPath(lck), os.O_RDWR|os.O_CREATE|os.O_EXCL, 0666)
+	f, err := os.OpenFile(locks.getLockPath(lck), os.O_RDWR|os.O_CREATE|os.O_EXCL, 0o666)
 	if err != nil {
 		return fmt.Errorf("creating lock %d: %w", lck, err)
 	}

libpod/oci_conmon_common.go

@@ -149,10 +149,10 @@ func newConmonOCIRuntime(name string, paths []string, conmonPath string, runtime
 	runtime.persistDir = filepath.Join(runtime.tmpDir, "persist")
 
 	// Create the exit files and attach sockets directories
-	if err := os.MkdirAll(runtime.exitsDir, 0750); err != nil {
+	if err := os.MkdirAll(runtime.exitsDir, 0o750); err != nil {
 		return nil, fmt.Errorf("creating OCI runtime exit files directory: %w", err)
 	}
-	if err := os.MkdirAll(runtime.persistDir, 0750); err != nil {
+	if err := os.MkdirAll(runtime.persistDir, 0o750); err != nil {
 		return nil, fmt.Errorf("creating OCI runtime persist directory: %w", err)
 	}
 	return runtime, nil
@@ -1285,7 +1285,7 @@ func (r *ConmonOCIRuntime) sharedConmonArgs(ctr *Container, cuuid, bundlePath, p
 	// This is needed as conmon writes the exit and oom file in the given persist directory path as just "exit" and "oom"
 	// So creating a directory with the container ID under the persist dir will help keep track of which container the
 	// exit and oom files belong to.
-	if err := os.MkdirAll(persistDir, 0750); err != nil {
+	if err := os.MkdirAll(persistDir, 0o750); err != nil {
 		return nil, fmt.Errorf("creating OCI runtime oom files directory for ctr %q: %w", ctr.ID(), err)
 	}
 

libpod/oci_conmon_exec_common.go

@@ -782,7 +782,7 @@ func (c *Container) prepareProcessExec(options *ExecOptions, env []string, sessi
 		return nil, err
 	}
 
-	if err := os.WriteFile(f.Name(), processJSON, 0644); err != nil {
+	if err := os.WriteFile(f.Name(), processJSON, 0o644); err != nil {
 		return nil, err
 	}
 	return f, nil

libpod/options.go

@@ -1040,7 +1040,7 @@ func WithLogPath(path string) CtrCreateOption {
 		}
 		if isDirectory(path) {
 			containerDir := filepath.Join(path, ctr.ID())
-			if err := os.Mkdir(containerDir, 0755); err != nil {
+			if err := os.Mkdir(containerDir, 0o755); err != nil {
 				return fmt.Errorf("failed to create container log directory %s: %w", containerDir, err)
 			}