450a0907cf
reason: when exec as root and config.Cwd is not owned by root, exec will fail because root doesn't have the caps. Signed-off-by: Kurnia D Win <kurnia.d.win@gmail.com> Signed-off-by: xiadanni <xiadanni1@huawei.com>
46 lines
1.4 KiB
Diff
46 lines
1.4 KiB
Diff
From 6594d5c042a2253386820a640b3a7087e07d0df2 Mon Sep 17 00:00:00 2001
|
|
From: xiadanni <xiadanni1@huawei.com>
|
|
Date: Thu, 9 Jul 2020 15:56:54 +0800
|
|
Subject: [PATCH] runc: fix permission denied
|
|
|
|
reason: when exec as root and config.Cwd is not owned by root,
|
|
exec will fail because root doesn't have the caps.
|
|
|
|
Signed-off-by: Kurnia D Win <kurnia.d.win@gmail.com>
|
|
Signed-off-by: xiadanni <xiadanni1@huawei.com>
|
|
---
|
|
libcontainer/init_linux.go | 10 +++++-----
|
|
1 file changed, 5 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go
|
|
index 2a93431..73505ef 100644
|
|
--- a/libcontainer/init_linux.go
|
|
+++ b/libcontainer/init_linux.go
|
|
@@ -118,6 +118,11 @@ func finalizeNamespace(config *initConfig) error {
|
|
if err := utils.CloseExecFrom(config.PassedFilesCount + 3); err != nil {
|
|
return err
|
|
}
|
|
+ if config.Cwd != "" {
|
|
+ if err := syscall.Chdir(config.Cwd); err != nil {
|
|
+ return fmt.Errorf("chdir to cwd (%q) set in config.json failed: %v", config.Cwd, err)
|
|
+ }
|
|
+ }
|
|
|
|
capabilities := &configs.Capabilities{}
|
|
if config.Capabilities != nil {
|
|
@@ -146,11 +151,6 @@ func finalizeNamespace(config *initConfig) error {
|
|
if err := w.ApplyCaps(); err != nil {
|
|
return err
|
|
}
|
|
- if config.Cwd != "" {
|
|
- if err := syscall.Chdir(config.Cwd); err != nil {
|
|
- return fmt.Errorf("chdir to cwd (%q) set in config.json failed: %v", config.Cwd, err)
|
|
- }
|
|
- }
|
|
return nil
|
|
}
|
|
|
|
--
|
|
1.8.3.1
|
|
|