github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Add RunAsGroup support.

Browse Source 
Signed-off-by: Lantao Liu <lantaol@google.com>
This commit is contained in:
Lantao Liu
2018-03-30 22:26:07 +00:00
parent f99f0be5ae
commit ed20174ce4
10 changed files with 174 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
pkg/server/sandbox_run.go
View File

@@ -145,8 +145,16 @@ func (c *criService) RunPodSandbox(ctx context.Context, r *runtime.RunPodSandbox
logrus.Debugf("Sandbox container spec: %+v", spec)
var specOpts []oci.SpecOpts
if uid := securityContext.GetRunAsUser(); uid != nil {
specOpts = append(specOpts, oci.WithUserID(uint32(uid.GetValue())))
userstr, err := generateUserString(
"",
securityContext.GetRunAsUser(),
securityContext.GetRunAsGroup(),
)
if err != nil {
return nil, errors.Wrap(err, "failed to generate user string")
}
if userstr != "" {
specOpts = append(specOpts, oci.WithUser(userstr))
}
seccompSpecOpts, err := generateSeccompSpecOpts(