mirror of
https://github.com/opencontainers/runc.git
synced 2025-10-07 00:12:53 +08:00
86a85582d2
A boolean field named GidMappingsEnableSetgroups was added to SysProcAttr in Go1.5. This field determines the value of the process's setgroups proc entry. Since the default is to set the entry to 'deny', calling setgroups will fail on systems running kernels 3.19+. Set GidMappingsEnableSetgroups to true so setgroups wont be set to 'deny'. Signed-off-by: Ido Yariv <ido@wizery.com>
12 lines
293 B
Go
12 lines
293 B
Go
// +build linux,go1.5
|
|
|
|
package libcontainer
|
|
|
|
import "syscall"
|
|
|
|
// Set the GidMappingsEnableSetgroups member to true, so the process's
|
|
// setgroups proc entry wont be set to 'deny' if GidMappings are set
|
|
func enableSetgroups(sys *syscall.SysProcAttr) {
|
|
sys.GidMappingsEnableSetgroups = true
|
|
}
|