From 5f9284cb98ca12132e089ab5e051fd16b0b9df85 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Tue, 10 Oct 2017 16:07:35 -0400 Subject: [PATCH] Check for negative gid Signed-off-by: Michael Crosby --- exec.go | 3 +++ tests/integration/exec.bats | 2 ++ 2 files changed, 5 insertions(+) diff --git a/exec.go b/exec.go index 01c4db8d..5696ce6e 100644 --- a/exec.go +++ b/exec.go @@ -213,6 +213,9 @@ func getProcess(context *cli.Context, bundle string) (*specs.Process, error) { p.User.UID = uint32(uid) } for _, gid := range context.Int64Slice("additional-gids") { + if gid < 0 { + return nil, fmt.Errorf("additional-gids must be a positive number %d", gid) + } p.User.AdditionalGids = append(p.User.AdditionalGids, uint32(gid)) } return p, nil diff --git a/tests/integration/exec.bats b/tests/integration/exec.bats index b1f86a38..5ad6c65c 100644 --- a/tests/integration/exec.bats +++ b/tests/integration/exec.bats @@ -114,6 +114,8 @@ function teardown() { } @test "runc exec --additional-gids" { + requires root + # run busybox detached runc run -d --console-socket $CONSOLE_SOCKET test_busybox [ "$status" -eq 0 ]