rootless: do not configure additional groups

Additional groups are not allowed in a userNS.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Closes: #936
Approved by: rhatdan
Giuseppe Scrivano 2018-06-12 18:47:27 +02:00 committed by Atomic Bot
parent 4415bad6fe
commit 20862c9746
2 changed files with 3 additions and 1 deletions


@ -1286,7 +1286,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
}
// Look up and add groups the user belongs to, if a group wasn't directly specified
if !strings.Contains(c.config.User, ":") {
if !rootless.IsRootless() && !strings.Contains(c.config.User, ":") {
groups, err := chrootuser.GetAdditionalGroupsForUser(c.state.Mountpoint, uint64(g.Spec().Process.User.UID))
if err != nil && errors.Cause(err) != chrootuser.ErrNoSuchUser {
return nil, err
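Review bot: The comment above the changed condition still describes only the "no group specified" case, but the lookup is now also skipped whenever `rootless.IsRootless()` is true, and the reason is recorded only in the commit message. I would add a line such as `// Skipped when rootless: additional groups cannot be set inside a user namespace.` directly above the `if`. Because the skip is silent, a rootless container runs without the supplementary groups defined for its user in the image, which can change which files the process can access; a debug-level log entry on that path would make the difference visible when troubleshooting. The body of generateSpec starts and ends outside this hunk, so whether explicitly requested groups are handled elsewhere cannot be confirmed from here.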


@ -66,6 +66,8 @@ get_cmd_line_args (pid_t pid)
argc++;
argv = malloc (sizeof (char *) * (argc + 1));
if (argv == NULL)
return NULL;
argc = 0;
argv[argc++] = buffer;