Use pivot_root instead of chroot for chrootarchive
This fixes one issue with Docker running under a grsec kernel, which denies chmod and mknod under chroot. Note, if pivot_root fails it will still fallback to chroot. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This commit is contained in:
Brian Goff
parent
73d751590c
commit
7db6117c8e
3 changed files with 102 additions and 8 deletions
12
chrootarchive/chroot_unix.go
Normal file
12
chrootarchive/chroot_unix.go
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
// +build !windows,!linux
|
||||
|
||||
package chrootarchive
|
||||
|
||||
import "syscall"
|
||||
|
||||
func chroot(path string) error {
|
||||
if err := syscall.Chroot(path); err != nil {
|
||||
return err
|
||||
}
|
||||
return syscall.Chdir("/")
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue