Set gid 0 when no group is specified#2529
Conversation
This change is to match Docker's implementaion of setting gid and groups to 0 when no gid is specified but an explicit uid is set. Fixes containerd#2527 Signed-off-by: Michael Crosby <[email protected]>
|
@justincormack @ijc can you review this one please |
Codecov Report
@@ Coverage Diff @@
## master #2529 +/- ##
=======================================
Coverage 45.05% 45.05%
=======================================
Files 94 94
Lines 9796 9796
=======================================
Hits 4414 4414
Misses 4662 4662
Partials 720 720
Continue to review full report at Codecov.
|
|
LGTM Add cherry pick label? |
| if err != nil { | ||
| if os.IsNotExist(err) || err == errNoUsersFound { | ||
| s.Process.User.UID, s.Process.User.GID = uid, uid | ||
| s.Process.User.UID, s.Process.User.GID = uid, 0 |
There was a problem hiding this comment.
Is it really correct to squash any previous non-zero GID here? Might it not be set in the base image or from a previous call to WithUser or WithUIDGID. The latter two examples are a bit weak, but the base image one I'm less sure of.
|
The comment on Which is no longer correct. There's also a grammar-o in the last clause to (probably should be "... and does not return an error"). |
The behaviour was changed in 99df1a9 ("Set gid 0 when no group is specified"), part of containerd#2529. Take the opportunity to tighten up the grammar a bit too. Signed-off-by: Ian Campbell <[email protected]>
The behaviour was changed in 99df1a9 ("Set gid 0 when no group is specified"), part of containerd#2529. Take the opportunity to tighten up the grammar a bit too. Signed-off-by: Ian Campbell <[email protected]> Signed-off-by: Phil Estes <[email protected]>
6 participants
This change is to match Docker's implementaion of setting gid and groups
to 0 when no gid is specified but an explicit uid is set.
Fixes #2527
Signed-off-by: Michael Crosby [email protected]