diff options
author | Kevin Krakauer <krakauer@google.com> | 2021-03-23 15:40:17 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-03-23 15:42:12 -0700 |
commit | 92374e51976c8a47e4705943f73cecbc6a27073b (patch) | |
tree | 5f267314a82b8dbdc4638c8eb1e2c5b062890ca0 /runsc/cmd | |
parent | acb4c62885629d6d3ee977b93c27282abed0b33f (diff) |
setgid directory support in goferfs
Also adds support for clearing the setuid bit when appropriate (writing,
truncating, changing size, changing UID, or changing GID).
VFS2 only.
PiperOrigin-RevId: 364661835
Diffstat (limited to 'runsc/cmd')
-rw-r--r-- | runsc/cmd/do.go | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/runsc/cmd/do.go b/runsc/cmd/do.go index 22c1dfeb8..455c57692 100644 --- a/runsc/cmd/do.go +++ b/runsc/cmd/do.go @@ -42,10 +42,11 @@ var errNoDefaultInterface = errors.New("no default interface found") // Do implements subcommands.Command for the "do" command. It sets up a simple // sandbox and executes the command inside it. See Usage() for more details. type Do struct { - root string - cwd string - ip string - quiet bool + root string + cwd string + ip string + quiet bool + overlay bool } // Name implements subcommands.Command.Name. @@ -76,6 +77,7 @@ func (c *Do) SetFlags(f *flag.FlagSet) { f.StringVar(&c.cwd, "cwd", ".", "path to the current directory, defaults to the current directory") f.StringVar(&c.ip, "ip", "192.168.10.2", "IPv4 address for the sandbox") f.BoolVar(&c.quiet, "quiet", false, "suppress runsc messages to stdout. Application output is still sent to stdout and stderr") + f.BoolVar(&c.overlay, "force-overlay", true, "use an overlay. WARNING: disabling gives the command write access to the host") } // Execute implements subcommands.Command.Execute. @@ -100,9 +102,8 @@ func (c *Do) Execute(_ context.Context, f *flag.FlagSet, args ...interface{}) su return Errorf("Error to retrieve hostname: %v", err) } - // Map the entire host file system, but make it readonly with a writable - // overlay on top (ignore --overlay option). - conf.Overlay = true + // Map the entire host file system, optionally using an overlay. + conf.Overlay = c.overlay absRoot, err := resolvePath(c.root) if err != nil { return Errorf("Error resolving root: %v", err) |