containerd

History

Ian Campbell ebafab47ca correct container "/" ownership with userns Previously "`/`" in a container was always owned by `root:root` (0/0), even if `withRemappedSnapshot` had been used. Meaning that if `withUserNamespace` is used then `/` can be remapped to `nobody:nogroup` (65534/65534). The fix is is twofold: - incrementFS should operate on the root of the tree. - when creating a new snapshot we must propagate the ownership of the topmost "lower" directory into the new "upper". Signed-off-by: Ian Campbell <ian.campbell@docker.com>	2017-08-16 19:55:55 +01:00
..
overlay_test.go	Fix ineffassign warnings	2017-08-03 08:27:15 -07:00
overlay.go	correct container "/" ownership with userns	2017-08-16 19:55:55 +01:00

Ian Campbell ebafab47ca correct container "/" ownership with userns

Previously "`/`" in a container was always owned by `root:root` (0/0), even if
`withRemappedSnapshot` had been used. Meaning that if `withUserNamespace` is
used then `/` can be remapped to `nobody:nogroup` (65534/65534).

The fix is is twofold:

- incrementFS should operate on the root of the tree.
- when creating a new snapshot we must propagate the ownership of the topmost
  "lower" directory into the new "upper".

Signed-off-by: Ian Campbell <ian.campbell@docker.com>

2017-08-16 19:55:55 +01:00

overlay_test.go

Fix ineffassign warnings

2017-08-03 08:27:15 -07:00

overlay.go

correct container "/" ownership with userns

2017-08-16 19:55:55 +01:00