oci: correctly use user.GetExecUser interface
A nil interface in Go is not the same as a nil pointer that satisfies
the interface. libcontainer/user has special handling for missing
/etc/{passwd,group} files but this is all based on nil interface checks,
which were broken by Docker's usage of the API.
When combined with some recent changes in runc that made read errors
actually be returned to the caller, this results in spurrious -EINVAL
errors when we should detect the situation as "there is no passwd file".
Signed-off-by: Aleksa Sarai <asarai@suse.de>
(cherry picked from commit 3108ae6226
)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
parent
7d597ee2c9
commit
83baeafc3c
1 changed files with 8 additions and 1 deletions
|
@ -157,7 +157,14 @@ func readUserFile(c *container.Container, p string) (io.ReadCloser, error) {
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return os.Open(fp)
|
||||
fh, err := os.Open(fp)
|
||||
if err != nil {
|
||||
// This is needed because a nil *os.File is different to a nil
|
||||
// io.ReadCloser and this causes GetExecUser to not detect that the
|
||||
// container file is missing.
|
||||
return nil, err
|
||||
}
|
||||
return fh, nil
|
||||
}
|
||||
|
||||
func getUser(c *container.Container, username string) (uint32, uint32, []uint32, error) {
|
||||
|
|
Loading…
Reference in a new issue