add additional-gids to runc exec #1608
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This flag allows specifying additional gids for the process. Without this flag, the user will have to provide process.json which allows additional gids. Closes opencontainers#1306 Signed-off-by: Sumit Sanghrajka <[email protected]>
Signed-off-by: Sumit Sanghrajka <[email protected]>
|
@cyphar how should this work in userns? See travis failures for context. |
cyphar
reviewed
Oct 10, 2017
tests/integration/exec.bats
Outdated
|
|
||
| @test "runc exec --additional-gids" { | ||
| # --user can't work in rootless containers that don't have idmap. | ||
| [[ "$ROOTLESS" -ne 0 ]] && requires rootless_idmap |
There was a problem hiding this comment.
--additional-gids cannot ever work in a rootless container, because setgroups is disabled. This should just be requires root. In this case, the specconv error is correct here.
Signed-off-by: Michael Crosby <[email protected]>
|
Ok, updated to skip that test when rootless is running. Good to review now |
|
LGTM. |
|
As an aside, we probably should add (privileged) user namespace integration tests for cases like this. But we can work on that in the future. |
|
LGTM |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #1307
This is a carry of #1307