authorNicolas Lacasse <nlacasse@google.com>2018-09-10 09:59:03 -0700
committerShentubot <shentubot@google.com>2018-09-10 10:00:16 -0700
commite198f9ab02874caeef65f16c0546af1e52e9a7d3 (patch)
treed09db056604c97bd439c9ffdc99b12d795d969fd /runsc/sandbox
parent0c0c942327468e605f5b71cd6ffa75dda6e24fdc (diff)
runsc: Chmod all mounted files to 777 inside chroot.
Inside the chroot, we run as user nobody, so all mounted files and directories must be accessible to all users. PiperOrigin-RevId: 212284805 Change-Id: I705e0dbbf15e01e04e0c7f378a99daffe6866807
Diffstat (limited to 'runsc/sandbox')
-rw-r--r--runsc/sandbox/chroot.go11
1 files changed, 10 insertions, 1 deletions
diff --git a/runsc/sandbox/chroot.go b/runsc/sandbox/chroot.go
index a77a186c2..f35d9c72d 100644
--- a/runsc/sandbox/chroot.go
+++ b/runsc/sandbox/chroot.go
@@ -36,7 +36,16 @@ func mountInChroot(chroot, src, dst, typ string, flags uint32) error {
chrootDst := filepath.Join(chroot, dst)
log.Infof("Mounting %q at %q", src, chrootDst)
- return specutils.Mount(src, chrootDst, typ, flags)
+ if err := specutils.Mount(src, chrootDst, typ, flags); err != nil {
+ return fmt.Errorf("error mounting %q at %q: %v", src, chrootDst, err)
+ }
+
+ // Make sure the mount is accessible to all users, since we will be
+ // running as nobody inside the chroot.
+ if err := os.Chmod(chrootDst, 0777); err != nil {
+ return fmt.Errorf("Chmod(%q) failed: %v", chroot, err)
+ }
+ return nil
}
// setUpChroot creates an empty directory with runsc mounted at /runsc, proc
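Review bot: `os.Chmod(chrootDst, 0777)` grants write access to every user on every mount, although the stated goal is only that `nobody` can reach the files; if read and traverse access is enough, `os.Chmod(chrootDst, 0555)` (or a mode supplied by the caller) would avoid a world-writable mount point. If `src` is ever bind-mounted, chmod on the mount point changes the mode of the source inode, so the relaxed permissions would presumably persist on the host file outside the chroot; this is worth confirming for the runsc mount named in the comment that follows this function. Separately, the Chmod error reports `chroot` rather than the path that failed, and should read `return fmt.Errorf("Chmod(%q) failed: %v", chrootDst, err)`. The signature of mountInChroot lies outside the hunk, so its callers and the mount types they pass are not visible here.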