crun: chown std streams #755

Merged
merged 1 commit into from
Oct 14, 2021
giuseppe
Member

chown the std streams file descriptors, when they are not a tty, to
the user in the container.

Closes: #745

Signed-off-by: Giuseppe Scrivano [email protected]

if (UNLIKELY (ret < 0))
return crun_make_error (err, errno, "fchown std stream %i", i);
}
}
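
Review bot: in the `if (UNLIKELY (ret < 0))` branch every fchown failure is returned as a hard error, so a std stream whose owner the caller is not permitted to change aborts the whole operation. Consider tolerating the errno values that only mean the ownership could not be changed (the thread later settles on EINVAL and EPERM) and failing on the rest. The success path after the closing braces also needs an explicit `return 0;`.
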
Collaborator

I think `return 0;` needs to be added here for the success case.

@lgtm-com

lgtm-com bot commented Oct 13, 2021

This pull request introduces 1 alert when merging 57d982e into 9e2ed72 - view on LGTM.com

new alerts:

  • 1 for Missing return statement

@rhatdan
Member

rhatdan commented Oct 13, 2021

LGTM
@flouthoc PTAL

@flouthoc
Collaborator

Do we need additional capabilities by the caller before calling `maybe_chown_std_streams`? I think some tests are failing while performing chown on stdin.

chown the std streams file descriptors, when they are not a tty, to
the user in the container.

Closes: containers#745

Signed-off-by: Giuseppe Scrivano <[email protected]>
@giuseppe
Member Author

> Do we need additional capabilities by the caller before calling `maybe_chown_std_streams`? I think some tests are failing while performing chown on stdin.

Pushed a new version. I think we need to ignore EINVAL and EPERM, as runc does.
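
The behaviour this thread converges on, as an added example that is not crun's or runc's code: skip streams that are a tty, `fchown` the rest to the container user, ignore EINVAL and EPERM, and return 0 explicitly on success. The names `chown_stream` and `chown_std_streams` are hypothetical, and using the caller's own uid/gid in `main` is an assumption standing in for the container user.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: hand one inherited descriptor to the container user.
   Returns 0 on success or on an error the thread says to ignore, and
   -errno for anything else. */
static int
chown_stream (int fd, uid_t uid, gid_t gid)
{
  /* The change applies only to streams that are not a tty. */
  if (isatty (fd))
    return 0;

  if (fchown (fd, uid, gid) == 0)
    return 0;

  /* EPERM: the caller is not permitted to change the owner.
     EINVAL: the ownership change is not valid for this descriptor or id.
     Both are ignored; any other errno is still reported. */
  if (errno == EPERM || errno == EINVAL)
    return 0;

  return -errno;
}

/* Hypothetical wrapper over fds 0, 1 and 2; stops at the first hard error. */
static int
chown_std_streams (uid_t uid, gid_t gid)
{
  for (int fd = 0; fd < 3; fd++)
    {
      int ret = chown_stream (fd, uid, gid);
      if (ret < 0)
        return ret;
    }
  return 0; /* explicit success return, the point raised in review */
}

int
main (void)
{
  /* Assumption: the caller's own ids stand in for the container user. */
  int ret = chown_std_streams (getuid (), getgid ());
  if (ret < 0)
    fprintf (stderr, "fchown std stream: error %d\n", -ret);
  return ret < 0 ? 1 : 0;
}
```
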

Successfully merging this pull request may close these issues.

crun "exec" denies access to /dev/stdin
3 participants