containerd/internal/cri
Wei Fu cf07f28ee2 *: should align pipe's owner with init process
The containerd-shim creates pipes and passes them to the init container as
stdin, stdout, and stderr for logging purposes. By default, these pipes are
owned by the root user (UID/GID: 0/0). The init container can access them
directly through inheritance.

However, if the init container attempts to open any files pointing to these
pipes (e.g., /proc/1/fd/2, /dev/stderr), it will encounter a permission issue
since it is not the owner. To avoid this, we need to align the ownership of
the pipes with the init process.

Fixes: #10598

Signed-off-by: Wei Fu <fuweid89@gmail.com>
2024-11-20 18:01:26 +00:00
annotations cri: add pause image name to annotations 2024-04-09 22:33:58 +08:00
bandwidth Move CRI from pkg/ to internal/ 2024-02-02 10:12:08 -08:00
config CRI: remove disable_cgroup 2024-08-15 06:08:30 +09:00
constants Move CRI from pkg/ to internal/ 2024-02-02 10:12:08 -08:00
instrument Update errdefs to 0.3.0 2024-10-18 16:04:54 -07:00
io Use grpc.NewClient instead of deprecated ones 2024-07-18 15:26:02 -07:00
labels Move CRI from pkg/ to internal/ 2024-02-02 10:12:08 -08:00
nri cri: ensure NRI API never has nil CRI 2024-06-28 15:32:11 -07:00
opts internal/cri: simplify netns setup with pinned userns 2024-09-11 07:21:43 +08:00
server *: should align pipe's owner with init process 2024-11-20 18:01:26 +00:00
seutil pkg/seutil: move to internal/cri 2024-03-20 11:11:24 +01:00
store sandbox: merge address and protocol to one url 2024-04-30 15:28:00 +08:00
systemd pkg/systemd: move to internal/cri 2024-03-20 11:05:25 +01:00
testing Move CRI from pkg/ to internal/ 2024-02-02 10:12:08 -08:00
types Remove cri SandboxInfo RuntimeHandler 2024-08-29 15:50:14 -07:00
util dedup BuildLabels 2024-10-21 13:23:25 -04:00