Diffstat (limited to 'runsc/boot')
-rw-r--r-- | runsc/boot/fs.go | 13 | ||||
-rw-r--r-- | runsc/boot/loader.go | 1 |
2 files changed, 14 insertions, 0 deletions
diff --git a/runsc/boot/fs.go b/runsc/boot/fs.go index 4bff0d034..7e95e1f41 100644 --- a/runsc/boot/fs.go +++ b/runsc/boot/fs.go @@ -81,6 +81,19 @@ func addOverlay(ctx context.Context, conf *Config, lower *fs.Inode, name string, if err != nil { return nil, fmt.Errorf("creating tmpfs overlay: %v", err) } + + // Replicate permissions and owner from lower to upper mount point. + attr, err := lower.UnstableAttr(ctx) + if err != nil { + return nil, fmt.Errorf("reading attributes from lower mount point: %v", err) + } + if !upper.InodeOperations.SetPermissions(ctx, upper, attr.Perms) { + return nil, fmt.Errorf("error setting permission to upper mount point") + } + if err := upper.InodeOperations.SetOwner(ctx, upper, attr.Owner); err != nil { + return nil, fmt.Errorf("setting owner to upper mount point: %v", err) + } + return fs.NewOverlayRoot(ctx, upper, lower, upperFlags) } diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go index b91553c4c..50cac0433 100644 --- a/runsc/boot/loader.go +++ b/runsc/boot/loader.go @@ -281,6 +281,7 @@ func New(args Args) (*Loader, error) { RootUTSNamespace: kernel.NewUTSNamespace(args.Spec.Hostname, args.Spec.Hostname, creds.UserNamespace), RootIPCNamespace: kernel.NewIPCNamespace(creds.UserNamespace), RootAbstractSocketNamespace: kernel.NewAbstractSocketNamespace(), + PIDNamespace: kernel.NewRootPIDNamespace(creds.UserNamespace), }); err != nil { return nil, fmt.Errorf("initializing kernel: %v", err) } |
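Review bot: The `SetPermissions` failure path in the fs.go hunk returns `error setting permission to upper mount point`, which names neither the mount nor the mode being applied and breaks from the gerund style of the two neighbouring messages. Because `SetPermissions` reports only a bool there is no cause to wrap, so the message has to carry the context itself, e.g. `return nil, fmt.Errorf("setting permissions %v on upper mount point %q", attr.Perms, name)`. The same `name` (visible in the hunk header's signature) would also help the `UnstableAttr` and `SetOwner` errors. The comment could state why the copy matters, presumably `// Otherwise the overlay root would carry the tmpfs defaults rather than the lower mount's mode and owner.`, since that is the access-control reason all three failures are fatal. addOverlay begins above the hunk, so how `upper` is created is not visible here.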