Use pivot_root instead of chroot for chrootarchive
This fixes one issue with Docker running under a grsec kernel, which denies chmod and mknod under chroot. Note that if pivot_root fails, it will still fall back to chroot. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
parent
73d751590c
commit
7db6117c8e
3 changed files with 102 additions and 8 deletions
|
@ -11,19 +11,11 @@ import (
|
|||
"io/ioutil"
|
||||
"os"
|
||||
"runtime"
|
||||
"syscall"
|
||||
|
||||
"github.com/docker/docker/pkg/archive"
|
||||
"github.com/docker/docker/pkg/reexec"
|
||||
)
|
||||
|
||||
func chroot(path string) error {
|
||||
if err := syscall.Chroot(path); err != nil {
|
||||
return err
|
||||
}
|
||||
return syscall.Chdir("/")
|
||||
}
|
||||
|
||||
// untar is the entry-point for docker-untar on re-exec. This is not used on
|
||||
// Windows as it does not support chroot, hence no point sandboxing through
|
||||
// chroot and rexec.
|
||||
|
|