containerd/internal
Wei Fu cf07f28ee2 *: should align pipe's owner with init process
The containerd-shim creates pipes and passes them to the init container as
stdin, stdout, and stderr for logging purposes. By default, these pipes are
owned by the root user (UID/GID: 0/0). The init container can access them
directly through inheritance.

However, if the init container attempts to open any files pointing to these
pipes (e.g., /proc/1/fd/2, /dev/stderr), it will encounter a permission issue
since it is not the owner. To avoid this, we need to align the ownership of
the pipes with the init process.

Fixes: #10598

Signed-off-by: Wei Fu <fuweid89@gmail.com>
2024-11-20 18:01:26 +00:00
cleanup ignore the static check when using anonymous struct in testing 2024-08-14 14:50:39 +05:30
cri *: should align pipe's owner with init process 2024-11-20 18:01:26 +00:00
eventq Add support for multiple subscribers to CRI container events 2024-01-19 21:27:06 -08:00
failpoint Move pkg/failpoint to internal/failpoint 2024-01-17 09:56:43 -08:00
fsverity Merge pull request #10978 from austinvazquez/cherry-pick-pr-10972-to-2.0 2024-11-19 10:43:47 -08:00
kmutex Move pkg/randutil to internal/randutil 2024-01-17 09:57:10 -08:00
nri Avoid potential reallocs by pre-sizing some slices 2024-07-19 13:05:49 -07:00
pprof shim: Move pprof server to plugin 2024-10-03 00:12:50 +00:00
randutil Move pkg/randutil to internal/randutil 2024-01-17 09:57:10 -08:00
registrar Move pkg/registrar to internal/registrar 2024-01-17 09:57:19 -08:00
tomlext Move pkg/tomlext to internal/tomlext 2024-01-17 09:57:37 -08:00
truncindex Move pkg/truncindex to internal/truncindex 2024-01-17 09:57:46 -08:00
userns update ctr run to support multiple uid/gid mappings 2024-09-10 17:06:27 +00:00