Merge pull request #1283 from estesp/bp-1280

Random-Liu · web-flow · commit 40affe7c7402 · 2019-09-19T21:35:06.000-07:00
[release/1.2] Backport fix for default UNIX environment in OCI container config
diff --git a/pkg/server/container_create.go b/pkg/server/container_create.go
@@ -264,6 +264,7 @@ func (c *criService) CreateContainer(ctx context.Context, r *runtime.CreateConta
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to get runtime options")
 	}
+
 	opts = append(opts,
 		containerd.WithSpec(spec, specOpts...),
 		containerd.WithRuntime(sandboxInfo.Runtime.Name, runtimeOptions),
@@ -904,6 +905,8 @@ func defaultRuntimeSpec(id string) (*runtimespec.Spec, error) {
 	}
 	if spec.Linux != nil {
 		spec.Linux.Seccomp = nil
+		// add default UNIX path; will be optionally overwritten by image config PATH env
+		spec.Process.Env = append(spec.Process.Env, "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin")
 	}
 
 	// Remove default rlimits (See issue #515)
diff --git a/pkg/server/container_create_test.go b/pkg/server/container_create_test.go
@@ -287,6 +287,26 @@ func TestContainerSpecTty(t *testing.T) {
 	}
 }
 
+func TestContainerSpecDefaultPath(t *testing.T) {
+	testID := "test-id"
+	testSandboxID := "sandbox-id"
+	testPid := uint32(1234)
+	expectedDefault := "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+	containerConfig, sandboxConfig, imageConfig, specCheck := getCreateContainerTestData()
+	c := newTestCRIService()
+	for _, pathenv := range []string{"", "PATH=/usr/local/bin/games"} {
+		expected := expectedDefault
+		if pathenv != "" {
+			imageConfig.Env = append(imageConfig.Env, pathenv)
+			expected = pathenv
+		}
+		spec, err := c.generateContainerSpec(testID, testSandboxID, testPid, containerConfig, sandboxConfig, imageConfig, nil)
+		require.NoError(t, err)
+		specCheck(t, testID, testSandboxID, testPid, spec)
+		assert.Contains(t, spec.Process.Env, expected)
+	}
+}
+
 func TestContainerSpecReadonlyRootfs(t *testing.T) {
 	testID := "test-id"
 	testSandboxID := "sandbox-id"

Original file line number	Diff line number	Diff line change
`@@ -264,6 +264,7 @@ func (c criService) CreateContainer(ctx context.Context, r runtime.CreateConta`
`264`	`264`	`if err != nil {`
`265`	`265`	`return nil, errors.Wrap(err, "failed to get runtime options")`
`266`	`266`	`}`
	`267`	`+`
`267`	`268`	`opts = append(opts,`
`268`	`269`	`containerd.WithSpec(spec, specOpts...),`
`269`	`270`	`containerd.WithRuntime(sandboxInfo.Runtime.Name, runtimeOptions),`
`@@ -904,6 +905,8 @@ func defaultRuntimeSpec(id string) (*runtimespec.Spec, error) {`
`904`	`905`	`}`
`905`	`906`	`if spec.Linux != nil {`
`906`	`907`	`spec.Linux.Seccomp = nil`
	`908`	`+ // add default UNIX path; will be optionally overwritten by image config PATH env`
	`909`	`+ spec.Process.Env = append(spec.Process.Env, "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin")`
`907`	`910`	`}`
`908`	`911`
`909`	`912`	`// Remove default rlimits (See issue #515)`