vbatts/cri-o
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

oci: respect process spec on exec

Browse source 
This patch fixes exec to use the original (start-time) process exec
configuration. Otherwise, we were creating a brand new spec process w/o
additional groups for instance.
Spotted while integrating CRI-O with cri-test...The test was failing
with:
```
• Failure [10.640 seconds]
[k8s.io] Security Context
/home/amurdaca/go/src/github.com/kubernetes-incubator/cri-tools/pkg/framework/framework.go:72
  bucket
  /home/amurdaca/go/src/github.com/kubernetes-incubator/cri-tools/pkg/validate/security_context.go:407
    runtime should support SupplementalGroups [It]
    /home/amurdaca/go/src/github.com/kubernetes-incubator/cri-tools/pkg/validate/security_context.go:272

    Expected
        <[]string | len:1, cap:1>: ["0"]
    to contain element matching
        <string>: 1234
```

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
This commit is contained in:
Antonio Murdaca 2017-10-19 15:02:56 +02:00
parent 0914a7a667
commit c316e5d8cf
No known key found for this signature in database
GPG key ID: B2BEAD150DE936B9
5 changed files with 18 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
libkpod/container_server.go
View file

@ -388,6 +388,7 @@ func (c *ContainerServer) LoadSandbox(id string) error {
if err != nil {
return err
}
scontainer.SetSpec(&m)
scontainer.SetMountPoint(m.Annotations[annotations.MountPoint])
if m.Annotations[annotations.Volumes] != "" {
@ -511,6 +512,7 @@ func (c *ContainerServer) LoadContainer(id string) error {
if err != nil {
return err
}
ctr.SetSpec(&m)
ctr.SetMountPoint(m.Annotations[annotations.MountPoint])
c.ContainerStateFromDisk(ctr)