fix permission denied

When exec runs as root and config.Cwd is not owned by root, exec fails
because root doesn't have the required capabilities.

So, Chdir should be done before setting the caps.

Signed-off-by: Kurnia D Win <kurnia.d.win@gmail.com>
Kurnia D Win 2019-07-18 05:57:23 +07:00
parent 6cccc1760d
commit 5e0e67d76c
No known key found for this signature in database
GPG Key ID: D16402FFB84F7106
1 changed files with 6 additions and 5 deletions


@ -127,6 +127,12 @@ func finalizeNamespace(config *initConfig) error {
return errors.Wrap(err, "close exec fds")
}
if config.Cwd != "" {
if err := unix.Chdir(config.Cwd); err != nil {
return fmt.Errorf("chdir to cwd (%q) set in config.json failed: %v", config.Cwd, err)
}
}
capabilities := &configs.Capabilities{}
if config.Capabilities != nil {
capabilities = config.Capabilities
@ -154,11 +160,6 @@ func finalizeNamespace(config *initConfig) error {
if err := w.ApplyCaps(); err != nil {
return errors.Wrap(err, "apply caps")
}
if config.Cwd != "" {
if err := unix.Chdir(config.Cwd); err != nil {
return fmt.Errorf("chdir to cwd (%q) set in config.json failed: %v", config.Cwd, err)
}
}
return nil
}
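Review bot: The `unix.Chdir(config.Cwd)` added in the first hunk now runs before `w.ApplyCaps()`, so the working directory is entered with the capabilities the init process still holds, not with the set the container process finally runs with. That fixes the reported failure, but a cwd that the final capability set could not traverse is now accepted silently and the process starts inside it. The ordering is load-bearing and should be stated at the call, e.g. `// chdir before ApplyCaps: root without DAC-override capabilities may be unable to enter a cwd it does not own`. The body of finalizeNamespace begins outside the hunk and the lines between the two hunks are not shown; if the switch to the configured user sits there, the chdir has moved ahead of it as well, which should be confirmed as intended for non-root users.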