zishuo/runc
1
0
Fork 0
mirror of https://github.com/opencontainers/runc.git synced 2025-10-06 16:07:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

libct: rm Rootless* properties from initConfig

Browse Source 
They are passed in initConfig twice, so it does not make sense.

NB: the alternative to that would be to remove Config field from
initConfig, but it results in a much bigger patch and more maintenance
down the road.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This commit is contained in:
Kir Kolyshkin
2025-01-15 23:28:08 -08:00
parent 2a86c35768
commit f26ec92221
3 changed files with 2 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libcontainer/container_linux.go
View File

@@ -704,8 +704,6 @@ func (c *Container) newInitConfig(process *Process) *initConfig {
PassedFilesCount: len(process.ExtraFiles), PassedFilesCount: len(process.ExtraFiles),
ContainerID: c.ID(), ContainerID: c.ID(),
NoNewPrivileges: c.config.NoNewPrivileges, NoNewPrivileges: c.config.NoNewPrivileges,
RootlessEUID: c.config.RootlessEUID,
RootlessCgroups: c.config.RootlessCgroups,
AppArmorProfile: c.config.AppArmorProfile, AppArmorProfile: c.config.AppArmorProfile,
ProcessLabel: c.config.ProcessLabel, ProcessLabel: c.config.ProcessLabel,
Rlimits: c.config.Rlimits, Rlimits: c.config.Rlimits,

8
libcontainer/init_linux.go
View File

@@ -82,12 +82,6 @@ type initConfig struct {
ProcessLabel string `json:"process_label"` ProcessLabel string `json:"process_label"`
Rlimits []configs.Rlimit `json:"rlimits"` Rlimits []configs.Rlimit `json:"rlimits"`
// Properties that only exist in container config.
// FIXME: they are also passed in Config above.
RootlessEUID bool `json:"rootless_euid,omitempty"`
RootlessCgroups bool `json:"rootless_cgroups,omitempty"`
// Miscellaneous properties, filled in by [Container.newInitConfig] // Miscellaneous properties, filled in by [Container.newInitConfig]
// unless documented otherwise. // unless documented otherwise.
@@ -484,7 +478,7 @@ func setupUser(config *initConfig) error {
// There's nothing we can do about /etc/group entries, so we silently // There's nothing we can do about /etc/group entries, so we silently
// ignore setting groups here (since the user didn't explicitly ask us to // ignore setting groups here (since the user didn't explicitly ask us to
// set the group). // set the group).
allowSupGroups := !config.RootlessEUID && string(bytes.TrimSpace(setgroups)) != "deny" allowSupGroups := !config.Config.RootlessEUID && string(bytes.TrimSpace(setgroups)) != "deny"
if allowSupGroups { if allowSupGroups {
if err := unix.Setgroups(config.AdditionalGroups); err != nil { if err := unix.Setgroups(config.AdditionalGroups); err != nil {

2
libcontainer/rootfs_linux.go
View File

@@ -106,7 +106,7 @@ func prepareRootfs(pipe *syncSocket, iConfig *initConfig) (err error) {
root: config.Rootfs, root: config.Rootfs,
label: config.MountLabel, label: config.MountLabel,
cgroup2Path: iConfig.Cgroup2Path, cgroup2Path: iConfig.Cgroup2Path,
rootlessCgroups: iConfig.RootlessCgroups, rootlessCgroups: config.RootlessCgroups,
cgroupns: config.Namespaces.Contains(configs.NEWCGROUP), cgroupns: config.Namespaces.Contains(configs.NEWCGROUP),
} }
for _, m := range config.Mounts { for _, m := range config.Mounts {