github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-04-29 20:24:31 +00:00
Code Issues Projects Releases Wiki Activity

runtime-rs: fix is_pid_namespace_enabled check

Browse Source 
We should test is_pid_namespace_enabled before amending the container
spec, where the pid namespace path is cleared and resulting
sandbox_pidns to always being false.

Fixes: #5881
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
This commit is contained in:
Peng Tao 2022-12-12 09:52:27 +00:00
parent 67e82804c5
commit e9e82ce28b
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/runtime-rs/crates/runtimes/virt_container/src/container_manager/container.rs
View File

@ -81,8 +81,8 @@ impl Container {
let mut inner = self.inner.write().await; let mut inner = self.inner.write().await;
let toml_config = self.resource_manager.config().await; let toml_config = self.resource_manager.config().await;
let config = &self.config; let config = &self.config;
amend_spec(&mut spec, toml_config.runtime.disable_guest_seccomp).context("amend spec")?;
let sandbox_pidns = is_pid_namespace_enabled(&spec); let sandbox_pidns = is_pid_namespace_enabled(&spec);
amend_spec(&mut spec, toml_config.runtime.disable_guest_seccomp).context("amend spec")?;
// handler rootfs // handler rootfs
let rootfs = self let rootfs = self