User namespaces cause permission error with go1.5 #125
Comments
There is also a setgroups(0, []) in the golang source when execing if SysProcAttr.Credentials is set, even if Credentials is empty. This may be a bug in golang. It shouldn't be calling setgroups if the flag is not set.
@LK4D4 did you submit a go patch for this issue?
@crosbymichael Yup, and it was accepted. Will be in go1.6
Awesome. Thanks! I think we can close this issue and it will be resolved properly in Go 1.6.
When using a config with user namespaces with go1.5, run gets a permission issue trying to call setgroups(0, []). The reason is that in go1.5, setting the uid_map causes setgroups to be set to deny.
An obvious fix is to not setgroups if there are no additional groups specified:
But this doesn't help the case where we actually want to set groups. We could also set the SysProcAttr.GidMappingsEnableSetgroups = true when we create the process, but this flag only exists in 1.5 so we need some build flags to only set it in go1.5. Also we may only want it to be true if AdditionalGids are set in the json.
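The approach described in this issue, sketched as an added example (not code from the issue or the project): enable setgroups in the new user namespace, and request a setgroups call, only when additional gids are configured. The function name `userNSAttr` and its `additionalGids` parameter are hypothetical; the `syscall` fields are the Linux-only ones available from Go 1.5.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"syscall"
)

// userNSAttr (hypothetical helper) builds the attributes for a child started
// in a new user namespace. additionalGids stands in for the additional gids
// read from the json config.
func userNSAttr(additionalGids []uint32) *syscall.SysProcAttr {
	attr := &syscall.SysProcAttr{
		Cloneflags: syscall.CLONE_NEWUSER,
		// Map the caller to root inside the namespace (single-id mappings).
		UidMappings: []syscall.SysProcIDMap{{ContainerID: 0, HostID: os.Getuid(), Size: 1}},
		GidMappings: []syscall.SysProcIDMap{{ContainerID: 0, HostID: os.Getgid(), Size: 1}},
	}
	if len(additionalGids) == 0 {
		// No extra groups: leave Credential nil so no setgroups call is
		// requested, and leave setgroups denied in the namespace.
		return attr
	}
	// Extra groups requested: setgroups must stay allowed. The caller needs
	// enough privilege to write gid_map without "deny", and GidMappings must
	// be extended to cover every gid listed here.
	attr.GidMappingsEnableSetgroups = true
	attr.Credential = &syscall.Credential{Uid: 0, Gid: 0, Groups: additionalGids}
	return attr
}

func main() {
	// Show the setgroups state the child sees when no extra gids are set.
	cmd := exec.Command("cat", "/proc/self/setgroups")
	cmd.SysProcAttr = userNSAttr(nil)
	out, err := cmd.CombinedOutput()
	if err != nil {
		fmt.Fprintln(os.Stderr, "could not start child in user namespace:", err)
		return
	}
	fmt.Printf("child /proc/self/setgroups: %s", out)
}
```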