github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-06-29 08:47:56 +00:00
Code Issues Projects Releases Wiki Activity

agent: fix start container failed when dropping all capabilities

Browse Source 
When starting a container and dropping all capabilities,
the init child process has no permission to read the exec.fifo
file because the parent set the file mode 0o622. So change the exec.fifo file mode to 0o644.

fixes #1913

Signed-off-by: quanweiZhou <quanweiZhou@linux.alibaba.com>
This commit is contained in:
quanweiZhou 2021-05-22 16:52:35 +08:00
parent c078628544
commit 3e4ebe10ac
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/agent/rustjail/src/container.rs
View File

@ -820,7 +820,7 @@ impl BaseContainer for LinuxContainer {
if stat::stat(fifo_file.as_str()).is_ok() { if stat::stat(fifo_file.as_str()).is_ok() {
return Err(anyhow!("exec fifo exists")); return Err(anyhow!("exec fifo exists"));
} }
unistd::mkfifo(fifo_file.as_str(), Mode::from_bits(0o622).unwrap())?; unistd::mkfifo(fifo_file.as_str(), Mode::from_bits(0o644).unwrap())?;
fifofd = fcntl::open( fifofd = fcntl::open(
fifo_file.as_str(), fifo_file.as_str(),