containerd

github/containerd

Fork 0

Commit Graph

Author	SHA1	Message	Date
Wei Fu	cf07f28ee2	*: should align pipe's owner with init process The containerd-shim creates pipes and passes them to the init container as stdin, stdout, and stderr for logging purposes. By default, these pipes are owned by the root user (UID/GID: 0/0). The init container can access them directly through inheritance. However, if the init container attempts to open any files pointing to these pipes (e.g., /proc/1/fd/2, /dev/stderr), it will encounter a permission issue since it is not the owner. To avoid this, we need to align the ownership of the pipes with the init process. Fixes: #10598 Signed-off-by: Wei Fu <fuweid89@gmail.com>	2024-11-20 18:01:26 +00:00

Author

SHA1

Message

Date

Wei Fu

cf07f28ee2

*: should align pipe's owner with init process

The containerd-shim creates pipes and passes them to the init container as
stdin, stdout, and stderr for logging purposes. By default, these pipes are
owned by the root user (UID/GID: 0/0). The init container can access them
directly through inheritance.

However, if the init container attempts to open any files pointing to these
pipes (e.g., /proc/1/fd/2, /dev/stderr), it will encounter a permission issue
since it is not the owner. To avoid this, we need to align the ownership of
the pipes with the init process.

Fixes: #10598

Signed-off-by: Wei Fu <fuweid89@gmail.com>

2024-11-20 18:01:26 +00:00

1 Commits