summaryrefslogtreecommitdiffhomepage
path: root/runsc/boot
diff options
context:
space:
mode:
authorNicolas Lacasse <nlacasse@google.com>2018-09-07 10:15:34 -0700
committerShentubot <shentubot@google.com>2018-09-07 10:16:39 -0700
commit210c2520890ea48d551c0c9fffe890a7c60fb802 (patch)
tree4f431b5737cd9e6a7c8c33e459242c3404eab7c0 /runsc/boot
parent590d8320992d74e54e2c095c68c49abc2b23dcbe (diff)
runsc: Run sandbox process inside minimal chroot.
We construct a dir with the executable bind-mounted at /exe, and proc mounted at /proc. Runsc now executes the sandbox process inside this chroot, thus limiting access to the host filesystem. The mounts and chroot dir are removed when the sandbox is destroyed. Because this requires bind-mounts, we can only do the chroot if we have CAP_SYS_ADMIN. PiperOrigin-RevId: 211994001 Change-Id: Ia71c515e26085e0b69b833e71691830148bc70d1
Diffstat (limited to 'runsc/boot')
-rw-r--r--runsc/boot/config.go9
1 files changed, 5 insertions, 4 deletions
diff --git a/runsc/boot/config.go b/runsc/boot/config.go
index 87a47dd0b..28a1600cd 100644
--- a/runsc/boot/config.go
+++ b/runsc/boot/config.go
@@ -214,10 +214,11 @@ type Config struct {
// SIGUSR2(12) to troubleshoot hangs. -1 disables it.
PanicSignal int
- // TestOnlyAllowRunAsCurrentUser should only be used in tests. It
- // allows runsc to start the sandbox process as the current user if we
- // do not have capability to set uid/gid to another user.
- TestOnlyAllowRunAsCurrentUser bool
+ // TestOnlyAllowRunAsCurrentUserWithoutChroot should only be used in
+ // tests. It allows runsc to start the sandbox process as the current
+ // user, and without chrooting the sandbox process. This can be
+ // necessary in test environments that have limited capabilities.
+ TestOnlyAllowRunAsCurrentUserWithoutChroot bool
}
// ToFlags returns a slice of flags that correspond to the given Config.