Add additional GIDs by default if they exist in /etc/group#2650
Merged
crosbymichael merged 2 commits intocontainerd:masterfrom Sep 17, 2018
Merged
Add additional GIDs by default if they exist in /etc/group#2650crosbymichael merged 2 commits intocontainerd:masterfrom
crosbymichael merged 2 commits intocontainerd:masterfrom
Conversation
If we are using an image config, we should by default add any additional GIDs that are found from reading /etc/group, even if the default user is root. Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
9e19ffc to
13931e4
Compare
Member
|
@estesp We don't use the |
These tests would have failed if any image had a USER declaration in it, but because the test image never has, these were never caught. Adding supplemental GIDs on any image revealed the issue. Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Member
|
LGTM |
Member
|
LGTM |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
If we are using an image config, we should by default add any additional
GIDs that are found from reading /etc/group, even if the default user is
root.
Signed-off-by: Phil Estes estesp@linux.vnet.ibm.com
The more I thought about this I'm not sure there is any downside to just handling additional GIDs by default when an image is involved. Other opinions? API users can still override; the CRI model will still work by collecting it's own GIDs and merging with any found in
/etc/group