From f51e0486d4f3bd25371c9449de27a3d966b813e3 Mon Sep 17 00:00:00 2001
From: Fabricio Voznika
Date: Mon, 12 Jul 2021 16:52:53 -0700
Subject: Fix stdios ownership

Set stdio ownership based on the container's user to ensure the user can open/read/write to/from stdios.
1. stdios in the host are changed to have the owner be the same uid/gid of the process running the sandbox. This ensures that the sandbox has full control over it.
2. stdios owner owner inside the sandbox is changed to match the container's user to give access inside the container and make it behave the same as runc.
Fixes #6180
PiperOrigin-RevId: 384347009
---
 pkg/sentry/fdimport/BUILD | 1 +
 1 file changed, 1 insertion(+)
(limited to 'pkg/sentry/fdimport/BUILD')
diff --git a/pkg/sentry/fdimport/BUILD b/pkg/sentry/fdimport/BUILD
index 6b4f8b0ed..563e96e0d 100644
--- a/pkg/sentry/fdimport/BUILD
+++ b/pkg/sentry/fdimport/BUILD
@@ -15,6 +15,7 @@ go_library(
 "//pkg/sentry/fs/host",
 "//pkg/sentry/fsimpl/host",
 "//pkg/sentry/kernel",
+ "//pkg/sentry/kernel/auth",
 "//pkg/sentry/vfs",
 ],
 )
-- cgit v1.2.3