Ensure /run is executable for backward compatibility

Netflix · Feb 15, 2019 · a483063 · a483063
1 parent 611c8d8
commit a483063
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/executor/mock/standalone/standalone_test.go b/executor/mock/standalone/standalone_test.go
@@ -141,6 +141,7 @@ func TestStandalone(t *testing.T) {
 		testCachedDockerPull,
 		testMetatron,
 		testRunTmpFsMount,
+		testExecSlashRun,
 	}
 	for _, fun := range testFunctions {
 		fullName := runtime.FuncForPC(reflect.ValueOf(fun).Pointer()).Name()
@@ -977,3 +978,16 @@ func testRunTmpFsMount(t *testing.T, jobID string) {
 		t.Fail()
 	}
 }
+
+// Test that we can execute files in `/run`
+func testExecSlashRun(t *testing.T, jobID string) {
+	ji := &mock.JobInput{
+		ImageName:     ubuntu.name,
+		Version:       ubuntu.tag,
+		EntrypointOld: `/bin/bash -c 'echo "#!/bin/bash\necho works"' > /run/execme && chmod +x /run/execme && /run/execme`,
+		JobID:         jobID,
+	}
+	if !mock.RunJobExpectingSuccess(ji) {
+		t.Fail()
+	}
+}
diff --git a/executor/runtime/docker/docker.go b/executor/runtime/docker/docker.go
@@ -487,7 +487,7 @@ func (r *DockerRuntime) dockerConfig(c *runtimeTypes.Container, binds []string,
 
 	// Always setup tmpfs: it's needed to ensure Metatron credentials don't persist across reboots and for SystemD to work
 	hostCfg.Tmpfs = map[string]string{
-		"/run": "rw,noexec,nosuid,size=" + defaultRunTmpFsSize,
+		"/run": "rw,exec,nosuid,size=" + defaultRunTmpFsSize,
 	}
 
 	if r.storageOptEnabled {