set +x on overlay fs dirs
We need to set +x on the overlay dirs or after dropping from root to a non-root user an eperm will happen on exec or other file access Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This commit is contained in:
Michael Crosby
parent
597815af7e
commit
71e8d765df
3 changed files with 10 additions and 4 deletions
|
|
@ -113,6 +113,13 @@ func spec(id string, config *ocispec.ImageConfig, context *cli.Context) (*specs.
|
|||
Effective: capabilities,
|
||||
Ambient: capabilities,
|
||||
},
|
||||
Rlimits: []specs.LinuxRlimit{
|
||||
{
|
||||
Type: "RLIMIT_NOFILE",
|
||||
Hard: uint64(1024),
|
||||
Soft: uint64(1024),
|
||||
},
|
||||
},
|
||||
},
|
||||
Mounts: []specs.Mount{
|
||||
{
|
||||
|
|
@ -311,7 +318,7 @@ var runCommand = cli.Command{
|
|||
}
|
||||
var imageConfig ocispec.Image
|
||||
switch ic.MediaType {
|
||||
case ocispec.MediaTypeImageConfig, "application/vnd.docker.container.image.v1+json":
|
||||
case ocispec.MediaTypeImageConfig, images.MediaTypeDockerSchema2Config:
|
||||
r, err := provider.Reader(ctx, ic.Digest)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue