Skip to content

Commit 41ccfba

Browse files
dmcgowandmcgowan
authored
Merge pull request #2556 from estesp/cherrypick-gid-zero
[release/1.1] Cherrypick "Set gid 0 when no group is specified" and docs update
2 parents 5627389 + 4d629f3 commit 41ccfba

2 files changed

Lines changed: 39 additions & 4 deletions

File tree

container_linux_test.go

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1258,3 +1258,38 @@ func TestContainerNoImage(t *testing.T) {
12581258
t.Fatalf("expected error to be %s but received %s", errdefs.ErrNotFound, err)
12591259
}
12601260
}
1261+
1262+
func TestUIDNoGID(t *testing.T) {
1263+
t.Parallel()
1264+
1265+
ctx, cancel := testContext()
1266+
defer cancel()
1267+
id := t.Name()
1268+
1269+
client, err := newClient(t, address)
1270+
if err != nil {
1271+
t.Fatal(err)
1272+
}
1273+
defer client.Close()
1274+
image, err := client.GetImage(ctx, testImage)
1275+
if err != nil {
1276+
t.Fatal(err)
1277+
}
1278+
1279+
container, err := client.NewContainer(ctx, id, WithNewSnapshot(id, image), WithNewSpec(oci.WithUserID(1000)))
1280+
if err != nil {
1281+
t.Fatal(err)
1282+
}
1283+
defer container.Delete(ctx)
1284+
1285+
spec, err := container.Spec(ctx)
1286+
if err != nil {
1287+
t.Fatal(err)
1288+
}
1289+
if uid := spec.Process.User.UID; uid != 1000 {
1290+
t.Fatalf("expected uid 1000 but received %d", uid)
1291+
}
1292+
if gid := spec.Process.User.GID; gid != 0 {
1293+
t.Fatalf("expected gid 0 but received %d", gid)
1294+
}
1295+
}

oci/spec_opts_unix.go

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -348,8 +348,8 @@ func WithUIDGID(uid, gid uint32) SpecOpts {
348348

349349
// WithUserID sets the correct UID and GID for the container based
350350
// on the image's /etc/passwd contents. If /etc/passwd does not exist,
351-
// or uid is not found in /etc/passwd, it sets gid to be the same with
352-
// uid, and not returns error.
351+
// or uid is not found in /etc/passwd, it sets the requested uid,
352+
// additionally sets the gid to 0, and does not return an error.
353353
func WithUserID(uid uint32) SpecOpts {
354354
return func(ctx context.Context, client Client, c *containers.Container, s *specs.Spec) (err error) {
355355
setProcess(s)
@@ -362,7 +362,7 @@ func WithUserID(uid uint32) SpecOpts {
362362
})
363363
if err != nil {
364364
if os.IsNotExist(err) || err == errNoUsersFound {
365-
s.Process.User.UID, s.Process.User.GID = uid, uid
365+
s.Process.User.UID, s.Process.User.GID = uid, 0
366366
return nil
367367
}
368368
return err
@@ -388,7 +388,7 @@ func WithUserID(uid uint32) SpecOpts {
388388
})
389389
if err != nil {
390390
if os.IsNotExist(err) || err == errNoUsersFound {
391-
s.Process.User.UID, s.Process.User.GID = uid, uid
391+
s.Process.User.UID, s.Process.User.GID = uid, 0
392392
return nil
393393
}
394394
return err

0 commit comments

Comments
 (0)