From 5f08f8fd8162fa2fc2ca7b862263081d8d07b206 Mon Sep 17 00:00:00 2001
From: Andrei Vagin
Date: Tue, 22 Jan 2019 16:45:45 -0800
Subject: Don't bind-mount runsc into a sandbox mntns

PiperOrigin-RevId: 230437407
Change-Id: Id9d8ceeb018aad2fe317407c78c6ee0f4b47aa2b
---
 runsc/container/container.go | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
(limited to 'runsc/container')
diff --git a/runsc/container/container.go b/runsc/container/container.go
index 2d4b85d9f..6d88dff7f 100644
--- a/runsc/container/container.go
+++ b/runsc/container/container.go
@@ -818,12 +818,10 @@ func (c *Container) createGoferProcess(spec *specs.Spec, conf *boot.Config, bund
 args = append(args, fmt.Sprintf("--io-fds=%d", nextFD))
 }
- binPath, err := specutils.BinPath()
- if err != nil {
- return nil, err
- }
+ binPath := specutils.ExePath
 cmd := exec.Command(binPath, args...)
 cmd.ExtraFiles = goferEnds
+ cmd.Args[0] = "runsc-gofer"
 // Enter new namespaces to isolate from the rest of the system. Don't unshare
 // cgroup because gofer is added to a cgroup in the caller's namespace.
--
cgit v1.2.3
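Review bot: The added `cmd.Args[0] = "runsc-gofer"` makes the child's argv[0] differ from the binary that is actually executed (`binPath`, now taken from `specutils.ExePath`), and nothing in the hunk explains why. I would put a comment above it, for example `// Override argv[0] so the gofer shows up as "runsc-gofer"; the binary executed is still binPath.`, so that nobody later resolves the executable from `os.Args[0]` inside the gofer and so that process monitoring keyed on the command name expects the new value. With the `BinPath()` error check removed, a wrong or empty `ExePath` would presumably only surface when the command is started, which happens outside this hunk; it is worth confirming that the error reported there names the path it tried. createGoferProcess begins and ends outside the hunk.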