The setupUserNamespace function is always called.

The function is called even if the usernamespace is not set. This results having wrong uid/gid set on devices. This fix add a test to check if usernamespace is set befor calling setupUserNamespace. Fixes #1742 Signed-off-by: Julien Lavesque <julien.lavesque@gmail.com>
2018-02-26 11:47:15 +01:00 · 2018-02-26 11:47:15 +01:00 · 2420eb1f4d
parent b50fa98d9e
commit 2420eb1f4d
1 changed files with 5 additions and 3 deletions
--- a/libcontainer/specconv/spec_linux.go
+++ b/libcontainer/specconv/spec_linux.go
@ -192,9 +192,6 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
 	if err := createDevices(spec, config); err != nil {
 		return nil, err
 	}
-	if err := setupUserNamespace(spec, config); err != nil {
-		return nil, err
-	}
 	c, err := createCgroupConfig(opts)
 	if err != nil {
 		return nil, err
@ -226,6 +223,11 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
 				},
 			}
 		}
+		if config.Namespaces.Contains(configs.NEWUSER) {
+			if err := setupUserNamespace(spec, config); err != nil {
+				return nil, err
+			}
+		}
 		config.MaskPaths = spec.Linux.MaskedPaths
 		config.ReadonlyPaths = spec.Linux.ReadonlyPaths
 		config.MountLabel = spec.Linux.MountLabel