jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

The setupUserNamespace function is always called. 

The function is called even if the usernamespace is not set.
This results having wrong uid/gid set on devices.

This fix add a test to check if usernamespace is set befor calling
setupUserNamespace.

Fixes #1742

Signed-off-by: Julien Lavesque <julien.lavesque@gmail.com>
This commit is contained in:
ynirk 2018-02-26 11:47:15 +01:00
parent b50fa98d9e
commit 2420eb1f4d
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libcontainer/specconv/spec_linux.go
View File

@ -192,9 +192,6 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
if err := createDevices(spec, config); err != nil { if err := createDevices(spec, config); err != nil {
return nil, err return nil, err
} }
if err := setupUserNamespace(spec, config); err != nil {
return nil, err
}
c, err := createCgroupConfig(opts) c, err := createCgroupConfig(opts)
if err != nil { if err != nil {
return nil, err return nil, err
@ -226,6 +223,11 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
}, },
} }
} }
if config.Namespaces.Contains(configs.NEWUSER) {
if err := setupUserNamespace(spec, config); err != nil {
return nil, err
}
}
config.MaskPaths = spec.Linux.MaskedPaths config.MaskPaths = spec.Linux.MaskedPaths
config.ReadonlyPaths = spec.Linux.ReadonlyPaths config.ReadonlyPaths = spec.Linux.ReadonlyPaths
config.MountLabel = spec.Linux.MountLabel config.MountLabel = spec.Linux.MountLabel