Add user namespace support to client

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-07-26 14:26:31 -04:00
parent c3872b848f
commit a0a5cc7787
12 changed files with 271 additions and 29 deletions
--- a/linux/bundle.go
+++ b/linux/bundle.go
@@ -21,7 +21,7 @@ func loadBundle(path, namespace string) *bundle {

 // newBundle creates a new bundle on disk at the provided path for the given id
 func newBundle(path, namespace, id string, spec []byte) (b *bundle, err error) {
-	if err := os.MkdirAll(path, 0700); err != nil {
+	if err := os.MkdirAll(path, 0711); err != nil {
 		return nil, err
 	}
 	path = filepath.Join(path, id)
@@ -30,10 +30,10 @@ func newBundle(path, namespace, id string, spec []byte) (b *bundle, err error) {
 			os.RemoveAll(path)
 		}
 	}()
-	if err := os.Mkdir(path, 0700); err != nil {
+	if err := os.Mkdir(path, 0711); err != nil {
 		return nil, err
 	}
-	if err := os.Mkdir(filepath.Join(path, "rootfs"), 0700); err != nil {
+	if err := os.Mkdir(filepath.Join(path, "rootfs"), 0711); err != nil {
 		return nil, err
 	}
 	f, err := os.Create(filepath.Join(path, configFilename))
--- a/linux/runtime.go
+++ b/linux/runtime.go
@@ -68,7 +68,7 @@ type Config struct {
 }

 func New(ic *plugin.InitContext) (interface{}, error) {
-	if err := os.MkdirAll(ic.Root, 0700); err != nil {
+	if err := os.MkdirAll(ic.Root, 0711); err != nil {
 		return nil, err
 	}
 	monitor, err := ic.Get(plugin.TaskMonitorPlugin)
--- a/linux/shim/init.go
+++ b/linux/shim/init.go
@@ -120,7 +120,6 @@ func newInitProcess(context context.Context, path, namespace string, r *shimapi.
 		}
 		defer os.Remove(socket.Path())
 	} else {
-		// TODO: get uid/gid
 		if io, err = runc.NewPipeIO(0, 0); err != nil {
 			return nil, errors.Wrap(err, "failed to create OCI runtime io pipes")
 		}