Wei Fu cf07f28ee2 *: should align pipe's owner with init process ...

The containerd-shim creates pipes and passes them to the init container as
stdin, stdout, and stderr for logging purposes. By default, these pipes are
owned by the root user (UID/GID: 0/0). The init container can access them
directly through inheritance.

However, if the init container attempts to open any files pointing to these
pipes (e.g., /proc/1/fd/2, /dev/stderr), it will encounter a permission issue
since it is not the owner. To avoid this, we need to align the ownership of
the pipes with the init process.

Fixes: #10598

Signed-off-by: Wei Fu <fuweid89@gmail.com>

2024-11-20 18:01:26 +00:00

..

annotations

cri: add pause image name to annotations

2024-04-09 22:33:58 +08:00

bandwidth

Move CRI from pkg/ to internal/

2024-02-02 10:12:08 -08:00

config

CRI: remove disable_cgroup

2024-08-15 06:08:30 +09:00

constants

Move CRI from pkg/ to internal/

2024-02-02 10:12:08 -08:00

instrument

Update errdefs to 0.3.0

2024-10-18 16:04:54 -07:00

io

Use grpc.NewClient instead of deprecated ones

2024-07-18 15:26:02 -07:00

labels

Move CRI from pkg/ to internal/

2024-02-02 10:12:08 -08:00

nri

cri: ensure NRI API never has nil CRI

2024-06-28 15:32:11 -07:00

opts

internal/cri: simplify netns setup with pinned userns

2024-09-11 07:21:43 +08:00

server

*: should align pipe's owner with init process

2024-11-20 18:01:26 +00:00

seutil

pkg/seutil: move to internal/cri

2024-03-20 11:11:24 +01:00

store

sandbox: merge address and protocol to one url

2024-04-30 15:28:00 +08:00

systemd

pkg/systemd: move to internal/cri

2024-03-20 11:05:25 +01:00

testing

Move CRI from pkg/ to internal/

2024-02-02 10:12:08 -08:00

types

Remove cri SandboxInfo RuntimeHandler

2024-08-29 15:50:14 -07:00

util

dedup BuildLabels

2024-10-21 13:23:25 -04:00