github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Add additional GIDs by default if they exist in /etc/group

Browse Source 
If we are using an image config, we should by default add any additional
GIDs that are found from reading /etc/group, even if the default user is
root.

Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
This commit is contained in:
Phil Estes 2018-09-14 12:53:53 -04:00
parent 05984a966d
commit 13931e41d6
No known key found for this signature in database
GPG Key ID: 0F386284C03A1162
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
oci/spec_opts.go
View File

@ -315,8 +315,14 @@ func WithImageConfigArgs(image Image, args []string) SpecOpts {
}
s.Process.Cwd = cwd
if config.User != "" {
return WithUser(config.User)(ctx, client, c, s)
if err := WithUser(config.User)(ctx, client, c, s); err != nil {
return err
}
return WithAdditionalGIDs(fmt.Sprintf("%d", s.Process.User.UID))(ctx, client, c, s)
}
// we should query the image's /etc/group for additional GIDs
// even if there is no specified user in the image config
return WithAdditionalGIDs("root")(ctx, client, c, s)
} else if s.Windows != nil {
s.Process.Env = config.Env
s.Process.Args = append(config.Entrypoint, config.Cmd...)