Merge pull request #3731 from kolyshkin/1.1-fix-dev-null
[1.1] libcontainer: skip chown of /dev/null caused by fd redirection
AkihiroSuda authored Feb 9, 2023
2 parents bec9736 + 9233b3d commit 3775df9
Showing 2 changed files with 19 additions and 3 deletions.
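--- a/libcontainer/init_linux.go
+++ b/libcontainer/init_linux.go
@@ -411,8 +411,9 @@ func fixStdioPermissions(u *user.ExecUser) error {
 return &os.PathError{Op: "fstat", Path: file.Name(), Err: err}
 }
 
-// Skip chown if uid is already the one we want.
-if int(s.Uid) == u.Uid {
+// Skip chown if uid is already the one we want or any of the STDIO descriptors
+// were redirected to /dev/null.
+if int(s.Uid) == u.Uid || s.Rdev == null.Rdev {
 continue
 }
 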
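Review bot: The added test `s.Rdev == null.Rdev` identifies /dev/null by device number alone, and st_rdev says nothing about file type: it is 0 for pipes, sockets and regular files, and a block device can carry the same major:minor as a character device. If `null` (set up outside this hunk) ever described something other than the null character device, ordinary stdio descriptors would match and the chown would be skipped silently. A type check keeps the skip as narrow as the comment says, e.g. `if int(s.Uid) == u.Uid || (s.Mode&unix.S_IFMT == unix.S_IFCHR && s.Rdev == null.Rdev) {`, assuming `s` is a `unix.Stat_t`. The comment would also benefit from stating the reason for the skip: `// fchown here would change the owner of the /dev/null node the caller redirected from (issue 3674).` fixStdioPermissions begins and ends outside the hunk.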
17 changes: 16 additions & 1 deletion tests/integration/exec.bats
Expand Up @@ -125,10 +125,25 @@ function teardown() {

runc exec --user 1000:1000 test_busybox id
[ "$status" -eq 0 ]

[[ "${output}" == "uid=1000 gid=1000"* ]]
}

# https://github.com/opencontainers/runc/issues/3674.
@test "runc exec --user vs /dev/null ownership" {
requires root

runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
[ "$status" -eq 0 ]

ls -l /dev/null
__runc exec -d --user 1000:1000 test_busybox id </dev/null
ls -l /dev/null
UG=$(stat -c %u:%g /dev/null)

# Host's /dev/null must be owned by root.
[ "$UG" = "0:0" ]
}

@test "runc exec --additional-gids" {
requires root

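Review bot: If the regression this test guards against returns, the host's /dev/null stays owned by 1000:1000 after the test fails, because nothing between `UG=$(stat -c %u:%g /dev/null)` and the assertion puts the ownership back. On a reused CI host that leaves a host device node owned by an unprivileged uid for every later test and job. Restoring before asserting keeps the failure visible without leaving that state behind: add `chown 0:0 /dev/null` directly after the `UG=` line. Only stdin is redirected in the `__runc exec` call, so a check that presumably also applies to stdout and stderr is exercised for one descriptor only; a second exec with `>/dev/null 2>&1` would cover the others.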
