Merge pull request #44121 from thaJeztah/22.06_backport_GHSA_rc4r_wh2q_q6c4
[22.06 backport] Updates for supplementary group permissions
commit
50d3438b26
3 changed files with 4 additions and 3 deletions
|
@ -198,6 +198,7 @@ func getUser(c *container.Container, username string) (specs.User, error) {
|
|||
}
|
||||
usr.UID = uint32(execUser.Uid)
|
||||
usr.GID = uint32(execUser.Gid)
|
||||
usr.AdditionalGids = []uint32{usr.GID}
|
||||
|
||||
var addGroups []int
|
||||
if len(c.HostConfig.GroupAdd) > 0 {
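Review bot: The `usr.AdditionalGids = []uint32{usr.GID}` line in getUser has no comment explaining why the primary GID is seeded into the supplementary list, so a later cleanup could drop it as redundant. The branch name ties it to GHSA-rc4r-wh2q-q6c4, which should be recorded at the line, e.g. `// Always include the primary GID in the supplementary groups (GHSA-rc4r-wh2q-q6c4); do not remove as redundant.` It is also worth confirming that the GroupAdd handling that follows appends to this slice rather than overwriting it, and whether a `--group-add` naming the primary group yields a duplicate entry; that code continues past the end of the hunk, so neither can be checked from here. The +/- markers are lost on this page, so which line is the addition is inferred from the `-198,6 +198,7` header.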
|
||||
|
|
|
@ -786,7 +786,7 @@ func (s *DockerCLIRunSuite) TestRunUserByIDZero(c *testing.T) {
|
|||
if err != nil {
|
||||
c.Fatal(err, out)
|
||||
}
|
||||
if !strings.Contains(out, "uid=0(root) gid=0(root) groups=10(wheel)") {
|
||||
if !strings.Contains(out, "uid=0(root) gid=0(root) groups=0(root),10(wheel)") {
|
||||
c.Fatalf("expected daemon user got %s", out)
|
||||
}
|
||||
}
|
||||
|
@ -1086,7 +1086,7 @@ func (s *DockerCLIRunSuite) TestRunGroupAdd(c *testing.T) {
|
|||
testRequires(c, DaemonIsLinux)
|
||||
out, _ := dockerCmd(c, "run", "--group-add=audio", "--group-add=staff", "--group-add=777", "busybox", "sh", "-c", "id")
|
||||
|
||||
groupsList := "uid=0(root) gid=0(root) groups=10(wheel),29(audio),50(staff),777"
|
||||
groupsList := "uid=0(root) gid=0(root) groups=0(root),10(wheel),29(audio),50(staff),777"
|
||||
if actual := strings.Trim(out, "\r\n"); actual != groupsList {
|
||||
c.Fatalf("expected output %s received %s", groupsList, actual)
|
||||
}
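Review bot: The updated expectations in TestRunUserByIDZero and TestRunGroupAdd only cover a container running as root, where the primary group is gid 0. Nothing in the visible hunks pins the behaviour for a non-root `--user uid:gid`, the case where a primary GID missing from the supplementary list would affect group-based permission checks. Consider adding a case that runs `id` under a non-zero uid:gid and asserts that the primary gid appears in `groups=`; the same applies to TestSwarmServiceWithGroup in the swarm test file. Both test functions begin or end outside their hunks, so existing coverage elsewhere in the files cannot be ruled out from here.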
|
||||
|
|
|
@ -308,7 +308,7 @@ func (s *DockerSwarmSuite) TestSwarmServiceWithGroup(c *testing.T) {
|
|||
|
||||
out, err = d.Cmd("exec", container, "id")
|
||||
assert.NilError(c, err, out)
|
||||
assert.Equal(c, strings.TrimSpace(out), "uid=0(root) gid=0(root) groups=10(wheel),29(audio),50(staff),777")
|
||||
assert.Equal(c, strings.TrimSpace(out), "uid=0(root) gid=0(root) groups=0(root),10(wheel),29(audio),50(staff),777")
|
||||
}
|
||||
|
||||
func (s *DockerSwarmSuite) TestSwarmContainerAutoStart(c *testing.T) {
|
||||
|
|