opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-08-06 03:19:52 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add container GID to additional groups

Browse Source 
Mitigates a potential permissions issue. Mirrors Buildah PR #4200
and CRI-O PR #6159.

Signed-off-by: Matthew Heon <mheon@redhat.com>
This commit is contained in:
Matthew Heon
2022-09-02 13:40:29 -04:00
parent 0e66f75f2a
commit d82a41687e
3 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/specgen/namespaces.go
View File

@ -510,6 +510,7 @@ func SetupUserNS(idmappings *storage.IDMappingOptions, userns Namespace, g *gene
idmappings = mappings
g.SetProcessUID(uint32(uid))
g.SetProcessGID(uint32(gid))
g.AddProcessAdditionalGid(uint32(gid))
user = fmt.Sprintf("%d:%d", uid, gid)
if err := privateUserNamespace(idmappings, g); err != nil {
return user, err
@ -522,6 +523,7 @@ func SetupUserNS(idmappings *storage.IDMappingOptions, userns Namespace, g *gene
idmappings = mappings
g.SetProcessUID(uint32(uid))
g.SetProcessGID(uint32(gid))
g.AddProcessAdditionalGid(uint32(gid))
user = fmt.Sprintf("%d:%d", uid, gid)
if err := privateUserNamespace(idmappings, g); err != nil {
return user, err