The containerd-shim creates pipes and passes them to the init container as
stdin, stdout, and stderr for logging purposes. By default, these pipes are
owned by the root user (UID/GID: 0/0). The init container can access them
directly through inheritance.
However, if the init container attempts to open any files pointing to these
pipes (e.g., /proc/1/fd/2, /dev/stderr), it will encounter a permission issue
since it is not the owner. To avoid this, we need to align the ownership of
the pipes with the init process.
Fixes: #10598
Signed-off-by: Wei Fu <fuweid89@gmail.com>
- Rename test name
- Add a tag to the container image used in the tests instead of the latest tag
- Add a 5 second delay between container start and stop to ensure that the
container is fully initialized
Signed-off-by: Kirtana Ashok <Kirtana.Ashok@microsoft.com>
This commit adds supports for the ArgsEscaped
value for the image got from the dockerfile.
It is used to evaluate and process the image
entrypoint/cmd and container entrypoint/cmd
options got from the podspec.
Signed-off-by: Kirtana Ashok <Kirtana.Ashok@microsoft.com>
