github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request from GHSA-hmfx-3pcx-653p

Browse Source 
oci: fix additional GIDs
This commit is contained in:
Derek McGowan
2023-02-15 13:45:14 -08:00
committed by GitHub
parent 583e24a1b6 3eda46af12
commit aa6418fadd
6 changed files with 173 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/cri/server/container_create_linux.go
View File

@@ -373,7 +373,8 @@ func (c *criService) containerSpecOpts(config *runtime.ContainerConfig, imageCon
// Because it is still useful to get additional gids for uid 0.
userstr = strconv.FormatInt(securityContext.GetRunAsUser().GetValue(), 10)
}
specOpts = append(specOpts, customopts.WithAdditionalGIDs(userstr))
specOpts = append(specOpts, customopts.WithAdditionalGIDs(userstr),
customopts.WithSupplementalGroups(securityContext.GetSupplementalGroups()))
asp := securityContext.GetApparmor()
if asp == nil {