Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix working with read-only /dev #3345

Merged
merged 3 commits into from Jan 25, 2022
Merged

Fix working with read-only /dev #3345

merged 3 commits into from Jan 25, 2022

Commits on Jan 22, 2022

  1. libct: fixStdioPermissions: minor refactoring 

    Use os/file Chown method instead of bare unix.Fchown as it already have
access to underlying fd, and produces nice-looking errors. This allows
us to remove our error wrapping and some linter annotations.

We still use unix.Fstat since os.Stat access to os-specific fields
like uid/gid is not very straightforward. The only change here is to use
file name (rather than fd) in the error text.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
    @kolyshkin
    kolyshkin committed Jan 22, 2022
    Configuration menu
    Copy the full SHA
    b7fdb68 View commit details
    Browse the repository at this point in the history

  2. libct: fixStdioPermissions: skip chown if not needed 

    Since we already called fstat, we know the current file uid. In case it
is the same as the one we want it to be, there's no point in trying
chown.

Remove the specific /dev/null check, as the above also covers it
(comparing /dev/null uid with itself is true).

This also fixes runc exec with read-only /dev for root user.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
    @kolyshkin
    kolyshkin committed Jan 22, 2022
    Configuration menu
    Copy the full SHA
    18c4760 View commit details
    Browse the repository at this point in the history

  3. libct: fixStdioPermissions: ignore EROFS 

    In case of a read-only /dev, it's better to move on and let whatever is
run in a container to handle any possible errors.

This solves runc exec for a user with read-only /dev.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
    @kolyshkin
    kolyshkin committed Jan 22, 2022
    Configuration menu
    Copy the full SHA
    146c8c0 View commit details
    Browse the repository at this point in the history