Merge pull request #44121 from thaJeztah/22.06_backport_GHSA_rc4r_wh2q_q6c4

[22.06 backport] Updates for supplementary group permissions
This commit is contained in:
Sebastiaan van Stijn 2022-09-09 02:11:57 +02:00 committed by GitHub
commit 50d3438b26
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 4 additions and 3 deletions

View file

@ -198,6 +198,7 @@ func getUser(c *container.Container, username string) (specs.User, error) {
}
usr.UID = uint32(execUser.Uid)
usr.GID = uint32(execUser.Gid)
usr.AdditionalGids = []uint32{usr.GID}
var addGroups []int
if len(c.HostConfig.GroupAdd) > 0 {

View file

@ -786,7 +786,7 @@ func (s *DockerCLIRunSuite) TestRunUserByIDZero(c *testing.T) {
if err != nil {
c.Fatal(err, out)
}
if !strings.Contains(out, "uid=0(root) gid=0(root) groups=10(wheel)") {
if !strings.Contains(out, "uid=0(root) gid=0(root) groups=0(root),10(wheel)") {
c.Fatalf("expected daemon user got %s", out)
}
}
@ -1086,7 +1086,7 @@ func (s *DockerCLIRunSuite) TestRunGroupAdd(c *testing.T) {
testRequires(c, DaemonIsLinux)
out, _ := dockerCmd(c, "run", "--group-add=audio", "--group-add=staff", "--group-add=777", "busybox", "sh", "-c", "id")
groupsList := "uid=0(root) gid=0(root) groups=10(wheel),29(audio),50(staff),777"
groupsList := "uid=0(root) gid=0(root) groups=0(root),10(wheel),29(audio),50(staff),777"
if actual := strings.Trim(out, "\r\n"); actual != groupsList {
c.Fatalf("expected output %s received %s", groupsList, actual)
}

View file

@ -308,7 +308,7 @@ func (s *DockerSwarmSuite) TestSwarmServiceWithGroup(c *testing.T) {
out, err = d.Cmd("exec", container, "id")
assert.NilError(c, err, out)
assert.Equal(c, strings.TrimSpace(out), "uid=0(root) gid=0(root) groups=10(wheel),29(audio),50(staff),777")
assert.Equal(c, strings.TrimSpace(out), "uid=0(root) gid=0(root) groups=0(root),10(wheel),29(audio),50(staff),777")
}
func (s *DockerSwarmSuite) TestSwarmContainerAutoStart(c *testing.T) {