authorgVisor bot <gvisor-bot@google.com>2019-06-12 16:49:53 +0000
committergVisor bot <gvisor-bot@google.com>2019-06-12 16:49:53 +0000
commit095902985ff143b8ec34691c30e735f62521ee4c (patch)
treecd39d992f8cd96efe5fd9a15755ae458c3e727c5 /runsc/boot
parent19b473c6e2fe412c0e96c8b9e4672922da19471a (diff)
parent356d1be140bb51f2a50d2c7fe24242cbfeedc9d6 (diff)
Merge 356d1be1 (automated)
Diffstat (limited to 'runsc/boot')
-rw-r--r--runsc/boot/config.go7
1 files changed, 7 insertions, 0 deletions
diff --git a/runsc/boot/config.go b/runsc/boot/config.go
index 8564c502d..6112b6c0a 100644
--- a/runsc/boot/config.go
+++ b/runsc/boot/config.go
@@ -226,6 +226,12 @@ type Config struct {
// to the same underlying network device. This allows netstack to better
// scale for high throughput use cases.
NumNetworkChannels int
+
+ // Rootless allows the sandbox to be started with a user that is not root.
+ // Defense is depth measures are weaker with rootless. Specifically, the
+ // sandbox and Gofer process run as root inside a user namespace with root
+ // mapped to the caller's user.
+ Rootless bool
}
// ToFlags returns a slice of flags that correspond to the given Config.
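Review bot: The doc comment on the new Rootless field has a typo in its second sentence: `Defense is depth measures are weaker with rootless.` should read `// Defense-in-depth measures are weaker with rootless. Specifically, the`. Because this comment is what an operator reads before opting into a mode that runs the sandbox and Gofer as root inside a user namespace, the wording of the trade-off deserves to be exact rather than garbled. The enclosing `type Config struct {` declaration begins outside the hunk.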
@@ -250,6 +256,7 @@ func (c *Config) ToFlags() []string {
"--profile=" + strconv.FormatBool(c.ProfileEnable),
"--net-raw=" + strconv.FormatBool(c.EnableRaw),
"--num-network-channels=" + strconv.Itoa(c.NumNetworkChannels),
+ "--rootless=" + strconv.FormatBool(c.Rootless),
}
if c.TestOnlyAllowRunAsCurrentUserWithoutChroot {
// Only include if set since it is never to be used by users.