Skip to content

Commit 13931e4

Browse files
estespestesp
committed
Add additional GIDs by default if they exist in /etc/group
If we are using an image config, we should by default add any additional GIDs that are found from reading /etc/group, even if the default user is root. Signed-off-by: Phil Estes <[email protected]>
1 parent 05984a9 commit 13931e4

1 file changed

Lines changed: 7 additions & 1 deletion

File tree

oci/spec_opts.go

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -315,8 +315,14 @@ func WithImageConfigArgs(image Image, args []string) SpecOpts {
315315
}
316316
s.Process.Cwd = cwd
317317
if config.User != "" {
318-
return WithUser(config.User)(ctx, client, c, s)
318+
if err := WithUser(config.User)(ctx, client, c, s); err != nil {
319+
return err
320+
}
321+
return WithAdditionalGIDs(fmt.Sprintf("%d", s.Process.User.UID))(ctx, client, c, s)
319322
}
323+
// we should query the image's /etc/group for additional GIDs
324+
// even if there is no specified user in the image config
325+
return WithAdditionalGIDs("root")(ctx, client, c, s)
320326
} else if s.Windows != nil {
321327
s.Process.Env = config.Env
322328
s.Process.Args = append(config.Entrypoint, config.Cmd...)

0 commit comments

Comments
 (0)