podman/libpod/oci_conmon_exec_common.go
Giuseppe Scrivano 51ca839c14 libpod: fix handling of additional gids in exec
Change the behavior to match what Docker does.

Docker always adds the specified additional gids, no matter the user
specified to exec.

Instead, the additional gids read from the /etc/group file are added
only when there is not an explicit group specified in the exec
userspec.

➜ docker run -d --name container-with-groups --group-add mail --group-add news --group-add cron --group-add ftp --rm alpine top
c4190928097f64cabb83af7cac6ec10041a9e74de359433dfd3e5b9d8a7dce1a
➜ docker exec container-with-groups id -G
0 1 2 3 4 6 10 11 12 13 16 20 21 26 27
➜ docker exec --user root container-with-groups id -G
0 1 2 3 4 6 10 11 12 13 16 20 21 26 27
➜ docker exec --user nobody container-with-groups id -G
65534 12 13 16 21
➜ docker exec --user nobody:nobody container-with-groups id -G
65534 12 13 16 21
➜ docker exec --user root:root container-with-groups id -G
0 12 13 16 21
➜ docker exec --user root:root container-with-groups id -G
0 12 13 16 21

Closes: https://github.com/containers/podman/issues/25610

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-03-19 12:56:27 +01:00
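How the rule described in the commit message plays out, as an added example written for this page rather than podman's own code: explicit additional gids are always added, and /etc/group memberships only when the userspec names no group. The /etc/group fragment is constructed and the function names are hypothetical.

```go
package main

import (
	"bufio"
	"slices" // Go 1.21+
	"strconv"
	"strings"
)

// Constructed /etc/group fragment (not from any real image): root is a member
// of bin(1) and adm(4); nobody is listed as a member of no group.
const sampleGroupFile = `root:x:0:
bin:x:1:root,bin,daemon
adm:x:4:root,adm
mail:x:12:mail
nobody:x:65534:
`

// groupsFromEtcGroup returns the gid of every group whose members field lists
// user. Users are matched by name only; a numeric uid in the userspec gets none.
func groupsFromEtcGroup(groupFile, user string) []int {
	var gids []int
	sc := bufio.NewScanner(strings.NewReader(groupFile))
	for sc.Scan() {
		f := strings.Split(sc.Text(), ":") // name:password:gid:member,member,...
		if len(f) < 4 {
			continue // skip blank or malformed lines
		}
		if gid, err := strconv.Atoi(f[2]); err == nil && slices.Contains(strings.Split(f[3], ","), user) {
			gids = append(gids, gid)
		}
	}
	return gids
}

// execSupplementaryGids applies the rule the commit adopts: the additional gids
// passed explicitly are always added, while memberships read from /etc/group
// are added only when the userspec names no group ("user" yes, "user:group" no).
// The primary gid is not part of the result.
func execSupplementaryGids(userspec string, additionalGids []int, groupFile string) []int {
	user, _, hasExplicitGroup := strings.Cut(userspec, ":")
	gids := slices.Clone(additionalGids)
	if !hasExplicitGroup {
		gids = append(gids, groupsFromEtcGroup(groupFile, user)...)
	}
	slices.Sort(gids)
	return slices.Compact(gids) // drop duplicates, e.g. a gid present in both sources
}
```

With the group-add list from the commit (12, 13, 16, 21), "root" yields its /etc/group memberships plus the additional gids, while "root:root", "nobody" and "nobody:nobody" yield only the additional gids, mirroring the id -G output above.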
