mirror of
https://github.com/opencontainers/runc.git
synced 2025-10-31 02:56:25 +08:00
339edce03e
This updates the console handling to chown the console on creation to the root user within the container. This also moves the setup mounts from the userns sidecar process into the main init processes by trying to mknod devices, if it fails on an EPERM then bind mount the device from the host into the container for use. This prevents access issues when the sidecar process mknods the device for the usernamespace returning an EPERM when writting to dev/null. This also adds some error handling for init processes and nsinit updates with added flags for testing and other functions. Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
24 lines
671 B
Go
24 lines
671 B
Go
// +build linux
|
|
|
|
package libcontainer
|
|
|
|
// linuxUsernsSideCar is run to setup mounts and networking related operations
|
|
// for a user namespace enabled process as a user namespace root doesn't
|
|
// have permissions to perform these operations.
|
|
// The setup process joins all the namespaces of user namespace enabled init
|
|
// except the user namespace, so it run as root in the root user namespace
|
|
// to perform these operations.
|
|
type linuxUsernsSideCar struct {
|
|
config *initConfig
|
|
}
|
|
|
|
func (l *linuxUsernsSideCar) Init() error {
|
|
if err := setupNetwork(l.config); err != nil {
|
|
return err
|
|
}
|
|
if err := setupRoute(l.config.Config); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|