From 52d2b0f2598c255f8fcc295e12a3ddfd4a89dd43 Mon Sep 17 00:00:00 2001
From: Jaroslav Jindrak <dzejrou@gmail.com>
Date: Fri, 20 Jan 2023 21:41:12 +0100
Subject: [PATCH 1/2] libcontainer: skip chown of /dev/null caused by fd
redirection
In 18c4760a (libct: fixStdioPermissions: skip chown if not needed)
the check whether the STDIO file descriptors point to /dev/null was
removed which can cause /dev/null to change ownership e.g. when using
docker exec on a running container:
$ ls -l /dev/null
crw-rw-rw- 1 root root 1, 3 Aug 1 14:12 /dev/null
$ docker exec -u test 0ad6d3064e9d ls
$ ls -l /dev/null
crw-rw-rw- 1 test root 1, 3 Aug 1 14:12 /dev/null
Signed-off-by: Jaroslav Jindrak <dzejrou@gmail.com>
---
libcontainer/init_linux.go | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
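diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go
index 1e5c394c..2e4c5935 100644
--- a/libcontainer/init_linux.go
+++ b/libcontainer/init_linux.go
@@ -411,8 +411,9 @@ func fixStdioPermissions(u *user.ExecUser) error {
 return &os.PathError{Op: "fstat", Path: file.Name(), Err: err}
 }
 
- // Skip chown if uid is already the one we want.
- if int(s.Uid) == u.Uid {
+ // Skip chown if uid is already the one we want or any of the STDIO descriptors
+ // were redirected to /dev/null.
+ if int(s.Uid) == u.Uid || s.Rdev == null.Rdev {
 continue
 }
 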
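Review bot: The new condition `s.Rdev == null.Rdev` identifies /dev/null by device number alone, and `st_rdev` is only meaningful for device nodes, so the test relies on `null` (declared outside this hunk) having been filled from a real character device. If that stat ever lands on something that is not a device, `null.Rdev` is 0 and every pipe or regular file on stdio would match and be left unchowned, which fails safe but silently. Also checking the file type, for example `s.Mode&unix.S_IFMT == unix.S_IFCHR && s.Rdev == null.Rdev`, would make the intent explicit, assuming the file already imports `unix`. The comment would also be clearer if it said why the skip matters: `// fchown on a descriptor that is /dev/null changes the owner of the device node itself, which every other process using that node then sees.` The body of fixStdioPermissions starts and ends outside the hunk.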
--
2.33.0