[release/1.3] backport: Add back default UNIX env to container config

pkg/server/container_create.go

@@ -331,6 +331,7 @@ func (c *criService) generateContainerSpec(id string, sandboxID string, sandboxP
 		customopts.WithoutDefaultSecuritySettings,
 		customopts.WithRelativeRoot(relativeRootfsPath),
 		customopts.WithProcessArgs(config, imageConfig),
+		oci.WithDefaultPathEnv,
 		// this will be set based on the security context below
 		oci.WithNewPrivileges,
 	}

pkg/server/container_create_test.go

@@ -368,6 +368,27 @@ func TestPodAnnotationPassthroughContainerSpec(t *testing.T) {
 
 }
 
+func TestContainerSpecDefaultPath(t *testing.T) {
+	testID := "test-id"
+	testSandboxID := "sandbox-id"
+	testPid := uint32(1234)
+	expectedDefault := "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+	containerConfig, sandboxConfig, imageConfig, specCheck := getCreateContainerTestData()
+	ociRuntime := config.Runtime{}
+	c := newTestCRIService()
+	for _, pathenv := range []string{"", "PATH=/usr/local/bin/games"} {
+		expected := expectedDefault
+		if pathenv != "" {
+			imageConfig.Env = append(imageConfig.Env, pathenv)
+			expected = pathenv
+		}
+		spec, err := c.generateContainerSpec(testID, testSandboxID, testPid, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
+		require.NoError(t, err)
+		specCheck(t, testID, testSandboxID, testPid, spec)
+		assert.Contains(t, spec.Process.Env, expected)
+	}
+}
+
 func TestContainerSpecReadonlyRootfs(t *testing.T) {
 	testID := "test-id"
 	testSandboxID := "sandbox-id"

vendor.conf

@@ -36,17 +36,18 @@ github.com/docker/go-metrics 4ea375f7759c82740c893fc030bc37088d2ec098
 github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
 github.com/coreos/go-systemd v14
 github.com/containerd/typeurl a93fcdb778cd272c6e9b3028b2f42d813e785d40
-github.com/containerd/ttrpc 1fb3814edf44a76e0ccf503decf726d994919a9a
-github.com/containerd/go-runc 9007c2405372fe28918845901a3276c0915689a1
-github.com/containerd/fifo 3d5202aec260678c48179c56f40e6f38a095738c
-github.com/containerd/continuity bd77b46c8352f74eb12c85bdc01f4b90f69d66b4
-github.com/containerd/containerd a3a30635ef713b544ea7feff0d12a768fd1ed636
+github.com/containerd/ttrpc 92c8520ef9f86600c650dd540266a007bf03670f
+github.com/containerd/go-runc e029b79d8cda8374981c64eba71f28ec38e5526f
+github.com/containerd/fifo bda0ff6ed73c67bfb5e62bc9c697f146b7fd7f13
+github.com/containerd/continuity f2a389ac0a02ce21c09edd7344677a601970f41c
+github.com/containerd/containerd d4802a64f9737f02db3426751f380d97fc878dec
 github.com/containerd/console 0650fd9eeb50bab4fc99dceb9f2e14cf58f36e7f
 github.com/containerd/cgroups c4b9ac5c7601384c965b9646fc515884e091ebb9
 github.com/beorn7/perks 4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9
-github.com/Microsoft/hcsshim 8abdbb8205e4192c68b5f84c31197156f31be517
+github.com/Microsoft/hcsshim 9e921883ac929bbe515b39793ece99ce3a9d7706
 github.com/Microsoft/go-winio v0.4.14
 github.com/BurntSushi/toml v0.3.1
+github.com/imdario/mergo v0.3.7
 
 # kubernetes dependencies
 sigs.k8s.io/yaml v1.1.0