jasder/runc - runc - 军科开源项目托管

Commit Graph

Author	SHA1	Message	Date
Ido Yariv	08366a8597	Enter existing user namespace if present When executing an additional process in a container, all namespaces are entered but the user namespace. As a result, the process may be executed as the host's root user. This has both functionality and security implications. Fix this by adding the missing user namespace to the array of namespaces. Since joining a user namespace in which the caller is already a member yields an error, skip namespaces we're already in. Last, remove a needless and buggy AT_SYMLINK_NOFOLLOW in the code. Signed-off-by: Ido Yariv <ido@wizery.com>	2015-09-21 21:49:52 -04:00
Michael Crosby	8f97d39dd2	Move libcontainer into subdirectory Signed-off-by: Michael Crosby <crosbymichael@gmail.com>	2015-06-21 19:29:15 -07:00

Author

SHA1

Message

Date

Ido Yariv

08366a8597

Enter existing user namespace if present

When executing an additional process in a container, all namespaces are
entered but the user namespace. As a result, the process may be
executed as the host's root user. This has both functionality and
security implications.

Fix this by adding the missing user namespace to the array of
namespaces. Since joining a user namespace in which the caller is
already a member yields an error, skip namespaces we're already in.

Last, remove a needless and buggy AT_SYMLINK_NOFOLLOW in the code.

Signed-off-by: Ido Yariv <ido@wizery.com>

2015-09-21 21:49:52 -04:00

Michael Crosby

8f97d39dd2

Move libcontainer into subdirectory

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

2015-06-21 19:29:15 -07:00

2 Commits