github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
3eda46af12
containerd/pkg
History
Akihiro Suda 3eda46af12
oci: fix additional GIDs 
Test suite:
```yaml

---
apiVersion: v1
kind: Pod
metadata:
  name: test-no-option
  annotations:
    description: "Equivalent of `docker run` (no option)"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=0(root) gid=0(root) groups=0(root),10(wheel)" ]']
---
apiVersion: v1
kind: Pod
metadata:
  name: test-group-add-1-group-add-1234
  annotations:
    description: "Equivalent of `docker run --group-add 1 --group-add 1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=0(root) gid=0(root) groups=0(root),1(daemon),10(wheel),1234" ]']
  securityContext:
    supplementalGroups: [1, 1234]
---
apiVersion: v1
kind: Pod
metadata:
  name: test-user-1234
  annotations:
    description: "Equivalent of `docker run --user 1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=1234 gid=0(root) groups=0(root)" ]']
  securityContext:
    runAsUser: 1234
---
apiVersion: v1
kind: Pod
metadata:
  name: test-user-1234-1234
  annotations:
    description: "Equivalent of `docker run --user 1234:1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=1234 gid=1234 groups=1234" ]']
  securityContext:
    runAsUser: 1234
    runAsGroup: 1234
---
apiVersion: v1
kind: Pod
metadata:
  name: test-user-1234-group-add-1234
  annotations:
    description: "Equivalent of `docker run --user 1234 --group-add 1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=1234 gid=0(root) groups=0(root),1234" ]']
  securityContext:
    runAsUser: 1234
    supplementalGroups: [1234]
```

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-02-10 15:53:00 +09:00
..
apparmor chore: use go fix to cleanup old +build buildtag 2022-12-29 14:25:14 +08:00
atomic use containerd/project header test 2020-04-22 19:35:37 -05:00
cap Enable dupword linter 2023-01-03 12:47:16 -08:00
cleanup Add cleanup package for context management during cleanup 2023-01-03 12:30:26 -08:00
cri oci: fix additional GIDs 2023-02-10 15:53:00 +09:00
dialer chore: use go fix to cleanup old +build buildtag 2022-12-29 14:25:14 +08:00
epoch pkg/epoch: drop timezone 2023-01-31 23:26:02 +09:00
failpoint Run gofmt 1.19 2022-08-04 18:18:33 -07:00
hasher digest: use github.com/minio/sha256-simd 2022-12-08 18:50:00 +09:00
ioutil Run gofmt 1.19 2022-08-04 18:18:33 -07:00
kmutex CRI: improve image pulling performance 2022-04-06 07:14:18 +08:00
netns Merge pull request #7879 from fuweid/clean-build-tags 2022-12-30 00:22:03 -08:00
nri chore: use go fix to cleanup old +build buildtag 2022-12-29 14:25:14 +08:00
oom chore: use go fix to cleanup old +build buildtag 2022-12-29 14:25:14 +08:00
os Move WithMounts to specs 2023-01-11 13:03:59 -08:00
process Use mount.Target to specify subdirectory of rootfs mount 2023-01-27 09:51:58 +08:00
progress update golangci-lint to v1.49.0 2022-10-12 14:41:01 +02:00
registrar feat: replace github.com/pkg/errors to errors 2022-01-07 10:27:03 +08:00
runtimeoptions/v1 Update runtime options to include bytes blob 2022-12-07 10:55:06 -08:00
schedcore add runc shim support for sched core 2021-10-08 16:18:09 +00:00
seccomp chore: use go fix to cleanup old +build buildtag 2022-12-29 14:25:14 +08:00
seed chore: use go fix to cleanup old +build buildtag 2022-12-29 14:25:14 +08:00
seutil seutil: Fix setting the "container_kvm_t" label 2021-12-14 00:09:17 +01:00
shutdown Expose Done and Err in Shutdown service 2022-11-16 22:03:44 -08:00
snapshotters Export remote snapshotter label handler 2023-02-01 23:03:23 +09:00
stdio Add logging binary support when terminal is true 2020-08-25 17:28:29 -07:00
streaming Add streaming service 2022-11-30 12:55:56 -08:00
testutil chore: use go fix to cleanup old +build buildtag 2022-12-29 14:25:14 +08:00
timeout feat: use rwmutex instead 2021-11-16 11:06:40 +08:00
transfer Unwrap proto errors in streaming client 2022-12-02 22:30:54 -08:00
truncindex CRI: Move truncindex to pkg 2022-05-26 13:02:45 -07:00
ttrpcutil using ContextDialer instead 2022-07-20 22:53:42 +08:00
unpack Use cleanup.Background instead of context.Background for cleanup 2023-01-04 11:22:24 -08:00
userns chore: use go fix to cleanup old +build buildtag 2022-12-29 14:25:14 +08:00