github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-26 13:07:07 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #20233 from yifan-gu/rkt_fix_user_group

Browse Source 
Auto commit by PR queue bot
This commit is contained in:
k8s-merge-robot 2016-02-02 08:47:08 -08:00
commit 23c64ec103
2 changed files with 21 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
pkg/kubelet/rkt/rkt.go
View File

@ -434,6 +434,17 @@ func setApp(app *appctypes.App, c *api.Container, opts *kubecontainer.RunContain
} }
setSupplementaryGIDs(app, podCtx) setSupplementaryGIDs(app, podCtx)
// If 'User' or 'Group' are still empty at this point,
// then apply the root UID and GID.
// TODO(yifan): Instead of using root GID, we should use
// the GID which the user is in.
if app.User == "" {
app.User = "0"
}
if app.Group == "" {
app.Group = "0"
}
// Set working directory. // Set working directory.
if len(c.WorkingDir) > 0 { if len(c.WorkingDir) > 0 {
app.WorkingDirectory = c.WorkingDir app.WorkingDirectory = c.WorkingDir

16
pkg/kubelet/rkt/rkt_test.go
View File

@ -718,8 +718,6 @@ func generateMemoryIsolator(t *testing.T, request, limit string) appctypes.Isola
func baseApp(t *testing.T) *appctypes.App { func baseApp(t *testing.T) *appctypes.App {
return &appctypes.App{ return &appctypes.App{
Exec: appctypes.Exec{"/bin/foo"}, Exec: appctypes.Exec{"/bin/foo"},
User: "0",
Group: "22",
SupplementaryGIDs: []int{4, 5, 6}, SupplementaryGIDs: []int{4, 5, 6},
WorkingDirectory: "/foo", WorkingDirectory: "/foo",
Environment: []appctypes.EnvironmentVariable{ Environment: []appctypes.EnvironmentVariable{
@ -740,6 +738,12 @@ func baseApp(t *testing.T) *appctypes.App {
} }
} }
func baseAppWithRootUserGroup(t *testing.T) *appctypes.App {
app := baseApp(t)
app.User, app.Group = "0", "0"
return app
}
type envByName []appctypes.EnvironmentVariable type envByName []appctypes.EnvironmentVariable
func (s envByName) Len() int { return len(s) } func (s envByName) Len() int { return len(s) }
@ -791,13 +795,13 @@ func TestSetApp(t *testing.T) {
expect *appctypes.App expect *appctypes.App
err error err error
}{ }{
// Nothing should change. // Nothing should change, but the "User" and "Group" should be filled.
{ {
container: &api.Container{}, container: &api.Container{},
opts: &kubecontainer.RunContainerOptions{}, opts: &kubecontainer.RunContainerOptions{},
ctx: nil, ctx: nil,
podCtx: nil, podCtx: nil,
expect: baseApp(t), expect: baseAppWithRootUserGroup(t),
err: nil, err: nil,
}, },
@ -851,7 +855,7 @@ func TestSetApp(t *testing.T) {
expect: &appctypes.App{ expect: &appctypes.App{
Exec: appctypes.Exec{"/bin/bar", "hello", "world"}, Exec: appctypes.Exec{"/bin/bar", "hello", "world"},
User: "42", User: "42",
Group: "22", Group: "0",
SupplementaryGIDs: []int{1, 2, 3}, SupplementaryGIDs: []int{1, 2, 3},
WorkingDirectory: tmpDir, WorkingDirectory: tmpDir,
Environment: []appctypes.EnvironmentVariable{ Environment: []appctypes.EnvironmentVariable{
@ -914,7 +918,7 @@ func TestSetApp(t *testing.T) {
expect: &appctypes.App{ expect: &appctypes.App{
Exec: appctypes.Exec{"/bin/bar", "foo", "hello", "world", "bar"}, Exec: appctypes.Exec{"/bin/bar", "foo", "hello", "world", "bar"},
User: "42", User: "42",
Group: "22", Group: "0",
SupplementaryGIDs: []int{1, 2, 3}, SupplementaryGIDs: []int{1, 2, 3},
WorkingDirectory: tmpDir, WorkingDirectory: tmpDir,
Environment: []appctypes.EnvironmentVariable{ Environment: []appctypes.EnvironmentVariable{