Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bugfix: can't use sudo command #2120

Merged
merged 2 commits into from
Aug 20, 2018
Merged

bugfix: can't use sudo command #2120

merged 2 commits into from
Aug 20, 2018

Conversation

rudyfly
Copy link
Collaborator

@rudyfly rudyfly commented Aug 20, 2018
edited
Loading

Ⅰ. Describe what this PR did

When use ssh connect to container, can't use sudo command,

$sudo ls
sudo: must be setuid root

fix: opencontainers/runc#705

fix haven't get additional groups.

Ⅱ. Does this pull request fix one issue?

Ⅲ. Why don't you add test cases (unit test/integration test)? (你真的觉得不需要加测试吗?)

I don't know how to add test case... 😢
You can test it by yourself as below:

Ⅳ. Describe how to verify it

  1. start fedora container
# pouch run --rm --name sudo-test -ti registry.hub.docker.com/library/fedora:latest bash
  1. add group and user
# yum install -y passwd sudo
# groupadd test && useradd -g test -p 123 test
  1. change user and test sudo
# su test
$ sudo ls

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for test:
  1. disappear input password remind is successful

Ⅴ. Special notes for reviews

@pouchrobot pouchrobot added areas/cli kind/bug This is bug report for project size/M labels Aug 20, 2018
@codecov-io
Copy link

codecov-io commented Aug 20, 2018
edited
Loading

Codecov Report

Merging #2120 into master will decrease coverage by 0.11%.
The diff coverage is 93.93%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #2120      +/-   ##
==========================================
- Coverage   65.07%   64.96%   -0.12%     
==========================================
  Files         208      208              
  Lines       16417    16441      +24     
==========================================
- Hits        10684    10681       -3     
- Misses       4396     4434      +38     
+ Partials     1337     1326      -11
Flag Coverage Δ
#criv1alpha1test 33.08% <93.93%> (-0.08%) ⬇️
#criv1alpha2test 33.84% <93.93%> (+0.02%) ⬆️
#integrationtest 39.55% <81.81%> (-0.31%) ⬇️
#unittest 23.97% <0%> (-0.04%) ⬇️
Impacted Files Coverage Δ
daemon/mgr/container_types.go 79.54% <100%> (+0.47%) ⬆️
daemon/mgr/spec.go 65.21% <100%> (+1.58%) ⬆️
pkg/user/user.go 40% <91.66%> (-35.76%) ⬇️
apis/server/utils.go 61.9% <0%> (-4.77%) ⬇️
cri/v1alpha2/cri.go 64.63% <0%> (+0.33%) ⬆️
cri/v1alpha1/cri.go 64.13% <0%> (+0.68%) ⬆️
ctrd/container.go 43.5% <0%> (+0.96%) ⬆️
daemon/mgr/container.go 56.25% <0%> (+1.02%) ⬆️
ctrd/watch.go 80.3% <0%> (+4.54%) ⬆️

Ace-Tang
Ace-Tang reviewed Aug 20, 2018
View reviewed changes
daemon/mgr/container_types.go Outdated
}

// then try lower and upper directory, since overlay filesystem support only.
logrus.Debugf("GetSpecificBasePath, snapshotter data: (%v)", c.Snapshotter.Data)
for _, prefixPath := range c.Snapshotter.Data {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it better to range data from order merged, upper, lower, actually, we just need check merge, but we should avoid if merged directory is not mounted.

rudyfly added 2 commits August 20, 2018 17:21
@rudyfly
bugfix: fix haven't get additional groups
aa04dd9 
fix haven't get additional groups.
fix basefs is nil or overlayfs is nil

Signed-off-by: Rudy Zhang <rudyflyzhang@gmail.com>
@rudyfly
bugfix: can't use sudo command
3fb8b83 
When use ssh connect to container, can't use sudo command,
```
$sudo ls
sudo: must be setuid root
```

fix: opencontainers/runc#705

Signed-off-by: Rudy Zhang <rudyflyzhang@gmail.com>
@Ace-Tang
Copy link
Contributor

LGTM

@pouchrobot pouchrobot added the LGTM one maintainer or community participant agrees to merge the pull reuqest. label Aug 20, 2018
@fuweid
Copy link
Contributor

fuweid commented Aug 20, 2018

LGTM

@fuweid fuweid merged commit 6732c78 into AliyunContainerService:master Aug 20, 2018
@pouchrobot pouchrobot mentioned this pull request Aug 25, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ace-Tang Ace-Tang Ace-Tang left review comments

Assignees
No one assigned
Labels
areas/cli kind/bug This is bug report for project LGTM one maintainer or community participant agrees to merge the pull reuqest. size/M
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

cannot suid root when run as non-root
5 participants
@rudyfly @codecov-io @Ace-Tang @fuweid @pouchrobot