fix permission denied

when exec as root and config.Cwd is not owned by root, exec will fail because root doesn't have the caps. So, Chdir should be done before setting the caps. Signed-off-by: Kurnia D Win <kurnia.d.win@gmail.com>
haircommander · Jul 18, 2019 · 5e0e67d · 5e0e67d
1 parent 6cccc17
commit 5e0e67d
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go
@@ -127,6 +127,12 @@ func finalizeNamespace(config *initConfig) error {
 		return errors.Wrap(err, "close exec fds")
 	}
 
+	if config.Cwd != "" {
+		if err := unix.Chdir(config.Cwd); err != nil {
+			return fmt.Errorf("chdir to cwd (%q) set in config.json failed: %v", config.Cwd, err)
+		}
+	}
+
 	capabilities := &configs.Capabilities{}
 	if config.Capabilities != nil {
 		capabilities = config.Capabilities
@@ -154,11 +160,6 @@ func finalizeNamespace(config *initConfig) error {
 	if err := w.ApplyCaps(); err != nil {
 		return errors.Wrap(err, "apply caps")
 	}
-	if config.Cwd != "" {
-		if err := unix.Chdir(config.Cwd); err != nil {
-			return fmt.Errorf("chdir to cwd (%q) set in config.json failed: %v", config.Cwd, err)
-		}
-	}
 	return nil
 }