Merge pull request #61965 from Random-Liu/fix-error-handling

Automatic merge from submit-queue (batch tested with PRs 61929, 61965). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Fix dockershim CreateContainer error handling. Found this bug in CRI validation test https://github.com/kubernetes-incubator/cri-tools/pull/282. In https://github.com/kubernetes/kubernetes/pull/52077, we expect container creation to return error if `RunAsGroup` is specified without `RunAsUser` or `RunAsUsername`. However, the error returned is not handled. @krmayankk This is only a corner case. Does this worth cherry-pick into 1.10? @kubernetes/sig-node-bugs Signed-off-by: Lantao Liu <lantaol@google.com> **Release note**: ```release-note none ```
2025-07-23 11:50:44 +00:00 · 2018-03-31 01:22:03 -07:00 · 2018-03-31 01:22:03 -07:00 · cfcf9d8511
commit cfcf9d8511
parent 44b30f22c5 e137649b36
1 changed files with 4 additions and 1 deletions
--- a/pkg/kubelet/dockershim/docker_container.go
+++ b/pkg/kubelet/dockershim/docker_container.go
@ -140,7 +140,10 @@ func (ds *dockerService) CreateContainer(_ context.Context, r *runtimeapi.Create
 	}

 	hc := createConfig.HostConfig
-	ds.updateCreateConfig(&createConfig, config, sandboxConfig, podSandboxID, securityOptSeparator, apiVersion)
+	err = ds.updateCreateConfig(&createConfig, config, sandboxConfig, podSandboxID, securityOptSeparator, apiVersion)
+	if err != nil {
+		return nil, fmt.Errorf("failed to update container create config: %v", err)
+	}
 	// Set devices for container.
 	devices := make([]dockercontainer.DeviceMapping, len(config.Devices))
 	for i, device := range config.Devices {