github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

add the user id support of runAsUser

Browse Source 
Signed-off-by: zhangzhenhao <zhangzhenhao@outlook.com>
This commit is contained in:
zhangzhenhao 2017-08-24 23:29:45 +08:00
parent 2faa665eb2
commit 331e542c09
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hack/test-cri.sh
View File

@ -21,7 +21,7 @@ source $(dirname "${BASH_SOURCE[0]}")/test-utils.sh
# FOCUS focuses the test to run. # FOCUS focuses the test to run.
FOCUS=${FOCUS:-} FOCUS=${FOCUS:-}
# SKIP skips the test to skip. # SKIP skips the test to skip.
SKIP=${SKIP:-"RunAsUser"} SKIP=${SKIP:-"RunAsUserName"}
REPORT_DIR=${REPORT_DIR:-"/tmp/test-cri"} REPORT_DIR=${REPORT_DIR:-"/tmp/test-cri"}
if [[ -z "${GOPATH}" ]]; then if [[ -z "${GOPATH}" ]]; then

6
pkg/server/container_create.go
View File

@ -261,7 +261,11 @@ func (c *criContainerdService) generateContainerSpec(id string, sandboxPid uint3
// Set namespaces, share namespace with sandbox container. // Set namespaces, share namespace with sandbox container.
setOCINamespaces(&g, securityContext.GetNamespaceOptions(), sandboxPid) setOCINamespaces(&g, securityContext.GetNamespaceOptions(), sandboxPid)
// TODO(random-liu): [P1] Set user/username. // TODO(random-liu): [P1] Set username.
runAsUser := securityContext.GetRunAsUser()
if runAsUser != nil {
g.SetProcessUID(uint32(runAsUser.GetValue()))
}
supplementalGroups := securityContext.GetSupplementalGroups() supplementalGroups := securityContext.GetSupplementalGroups()
for _, group := range supplementalGroups { for _, group := range supplementalGroups {