libpod: avoid chowning the rundir to root in the userns

so it is possible to remove the code to make the entire directory world accessible. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-10-19 04:03:23 +08:00 · 2024-06-18 23:09:55 +02:00
parent c81f075f43
commit 08a8429459
3 changed files with 0 additions and 19 deletions
--- a/libpod/container_internal_common.go
+++ b/libpod/container_internal_common.go
@ -1834,10 +1834,6 @@ func (c *Container) mountIntoRootDirs(mountName string, mountPath string) error

 // Make standard bind mounts to include in the container
 func (c *Container) makeBindMounts() error {
-	if err := idtools.SafeChown(c.state.RunDir, c.RootUID(), c.RootGID()); err != nil {
-		return fmt.Errorf("cannot chown run directory: %w", err)
-	}
-
 	if c.state.BindMounts == nil {
 		c.state.BindMounts = make(map[string]string)
 	}