Copy spec to not touch original spec on exec(sync)

Fixes #3988 Signed-off-by: Sascha Grunert <sgrunert@suse.com>
cri-o · Jul 21, 2020 · a2ec1d4 · a2ec1d4
1 parent d3bee57
commit a2ec1d4
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 1 deletion.
diff --git a/internal/oci/runtime_oci.go b/internal/oci/runtime_oci.go
@@ -1081,7 +1081,9 @@ func prepareProcessExec(c *Container, cmd []string, tty bool) (*os.File, error)
 		return nil, err
 	}
 
-	pspec := c.Spec().Process
+	// It's important to make a spec copy here to not overwrite the initial
+	// process spec
+	pspec := *c.Spec().Process
 	pspec.Args = cmd
 	// We need to default this to false else it will inherit terminal as true
 	// from the container.

diff --git a/test/ctr.bats b/test/ctr.bats
@@ -856,6 +856,26 @@ function wait_until_exit() {
 	[ "$status" -eq 0 ]
 }
 
+@test "ctr execsync should not overwrite initial spec args" {
+    start_crio
+
+    run crictl run "$TESTDATA"/container_redis.json "$TESTDATA"/sandbox_config.json
+    [ "$status" -eq 0 ]
+    CTR="$output"
+
+    run crictl inspect $CTR | jq -e '.info.runtimeSpec.process.args[2] == "redis-server"'
+    [ "$status" -eq 0 ]
+
+    run crictl exec --sync $CTR echo Hello
+    [ "$status" -eq 0 ]
+
+    run crictl inspect $CTR | jq -e '.info.runtimeSpec.process.args[2] == "redis-server"'
+    [ "$status" -eq 0 ]
+
+    run crictl rm -f $CTR
+    [ "$status" -eq 0 ]
+}
+
 @test "ctr device add" {
 	# In an user namespace we can only bind mount devices from the host, not mknod
 	# https://github.com/opencontainers/runc/blob/master/libcontainer/rootfs_linux.go#L480-L481