From 10adde365d31d7fe70511c5f10d99a1064dabaf5 Mon Sep 17 00:00:00 2001
From: lifubang
Date: Tue, 29 Oct 2024 18:21:53 +0800
Subject: [PATCH] fix stdio permission error for runc run without detach
Signed-off-by: lifubang
---
 libcontainer/process_linux.go | 4 ++--
 tty.go | 4 ++--
 utils_linux.go | 10 +++++-----
 3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go
index fcbb54a3e41..b0ef8a49775 100644
--- a/libcontainer/process_linux.go
+++ b/libcontainer/process_linux.go
@@ -917,7 +917,7 @@ func getPipeFds(pid int) ([]string, error) {
 // opposite side for each. Do not use this if you want to have a pseudoterminal
 // set up for you by libcontainer (TODO: fix that too).
 // TODO: This is mostly unnecessary, and should be handled by clients.
-func (p *Process) InitializeIO(rootuid, rootgid int) (i *IO, err error) {
+func (p *Process) InitializeIO(containerUID, containerGID int) (i *IO, err error) {
 var fds []uintptr
 i = &IO{}
 // cleanup in case of an error
@@ -949,7 +949,7 @@ func (p *Process) InitializeIO(rootuid, rootgid int) (i *IO, err error) {
 p.Stderr, i.Stderr = w, r
 // change ownership of the pipes in case we are in a user namespace
 for _, fd := range fds {
- if err := unix.Fchown(int(fd), rootuid, rootgid); err != nil {
+ if err := unix.Fchown(int(fd), containerUID, containerGID); err != nil {
 return nil, &os.PathError{Op: "fchown", Path: "fd " + strconv.Itoa(int(fd)), Err: err}
 }
 }
diff --git a/tty.go b/tty.go
index c101aacb78b..0cd9f9b8090 100644
--- a/tty.go
+++ b/tty.go
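Review bot: The new parameter names `containerUID`/`containerGID` on the exported `InitializeIO` read as in-container IDs, yet the values go straight to `unix.Fchown` (the @@ -949 hunk) and, in utils_linux.go `run`, are the results of `HostUID(...)`/`HostGID(...)`, so they are host-side IDs. Under a user namespace, a libcontainer caller who takes the name literally and passes the unmapped container ID would hand the pipe ends to an unrelated host user. Either use `hostUID`/`hostGID` here and in the matching renames in tty.go `setupProcessPipes` and utils_linux.go `setupIO`/`run`, or extend the doc comment with `// containerUID and containerGID are the host IDs that the container process's user maps to; the pipe fds are fchown'ed to them.` The body of `InitializeIO` continues outside both hunks.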
@@ -31,8 +31,8 @@ func (t *tty) copyIO(w io.Writer, r io.ReadCloser) {
 // setup pipes for the process so that advanced features like c/r are able to easily checkpoint
 // and restore the process's IO without depending on a host specific path or device
-func setupProcessPipes(p *libcontainer.Process, rootuid, rootgid int) (*tty, error) {
- i, err := p.InitializeIO(rootuid, rootgid)
+func setupProcessPipes(p *libcontainer.Process, containerUID, containerGID int) (*tty, error) {
+ i, err := p.InitializeIO(containerUID, containerGID)
 if err != nil {
 return nil, err
 }
diff --git a/utils_linux.go b/utils_linux.go
index feb6ef80c4a..ff0338a7e87 100644
--- a/utils_linux.go
+++ b/utils_linux.go
@@ -94,7 +94,7 @@ func newProcess(p specs.Process) (*libcontainer.Process, error) {
 }
 // setupIO modifies the given process config according to the options.
-func setupIO(process *libcontainer.Process, rootuid, rootgid int, createTTY, detach bool, sockpath string) (*tty, error) {
+func setupIO(process *libcontainer.Process, containerUID, containerGID int, createTTY, detach bool, sockpath string) (*tty, error) {
 if createTTY {
 process.Stdin = nil
 process.Stdout = nil
@@ -140,7 +140,7 @@ func setupIO(process *libcontainer.Process, rootuid, rootgid int, createTTY, det
 inheritStdio(process)
 return &tty{}, nil
 }
- return setupProcessPipes(process, rootuid, rootgid)
+ return setupProcessPipes(process, containerUID, containerGID)
 }
 // createPidFile creates a file containing the PID,
@@ -237,11 +237,11 @@ func (r *runner) run(config *specs.Process) (int, error) {
 }
 process.ExtraFiles = append(process.ExtraFiles, os.NewFile(uintptr(i), "PreserveFD:"+strconv.Itoa(i)))
 }
- rootuid, err := r.container.Config().HostRootUID()
+ containerUID, err := r.container.Config().HostUID(int(config.User.UID))
 if err != nil {
 return -1, err
 }
- rootgid, err := r.container.Config().HostRootGID()
+ containerGID, err := r.container.Config().HostGID(int(config.User.GID))
 if err != nil {
 return -1, err
 }
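Review bot: In `run` (utils_linux.go, @@ -237) the pipe owner now depends on `config.User`, but the call site does not say why the process user replaces container root, and a failed mapping is still returned bare. A comment above the `HostUID` call such as `// chown the stdio pipes to the host IDs of the process user, not container root, so a non-root process can open its own stdio` would record the intent; that reason is inferred from the commit subject, so confirm the wording. Wrapping the error, e.g. `return -1, fmt.Errorf("mapping process uid %d to host: %w", config.User.UID, err)` (and likewise for the GID), would show the operator that an unmapped user caused the failure; this assumes `fmt` is imported in utils_linux.go, which the hunk does not show. The diffstat lists no test file, so a regression case for a non-detached run as a non-root user would help pin the new ownership. `run` starts and ends outside the hunk.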
@@ -250,7 +250,7 @@ func (r *runner) run(config *specs.Process) (int, error) {
 // with detaching containers, and then we get a tty after the container has
 // started.
 handler := newSignalHandler(r.enableSubreaper, r.notifySocket)
- tty, err := setupIO(process, rootuid, rootgid, config.Terminal, detach, r.consoleSocket)
+ tty, err := setupIO(process, containerUID, containerGID, config.Terminal, detach, r.consoleSocket)
 if err != nil {
 return -1, err
 }