Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

libct: we should set envs after we are in the jail of the container #4693

Merged
merged 2 commits into from
Apr 1, 2025
Merged

libct: we should set envs after we are in the jail of the container #4693

merged 2 commits into from
Apr 1, 2025
+38 −6

Conversation

lifubang
Copy link
Member

@lifubang lifubang commented Mar 25, 2025
edited by kolyshkin
Loading

Because we have to set a default HOME env for the current container user, so we should set it after we are in the jail of the container, or else we'll use host's /etc/passwd to get a wrong HOME value.

Fixes #4688.

@lifubang lifubang added regression backport/1.3-todo A PR in main branch which needs to be backported to release-1.3 labels Mar 25, 2025
@lifubang lifubang force-pushed the fix-home-env-check-set branch 2 times, most recently from 2c1ab94 to 409b8fa Compare March 25, 2025 03:04
@lifubang lifubang requested review from rata and kolyshkin March 25, 2025 03:05
@lifubang lifubang force-pushed the fix-home-env-check-set branch 2 times, most recently from 43d6f21 to 6869606 Compare March 25, 2025 03:12
rata
rata reviewed Mar 25, 2025
View reviewed changes
Copy link
Member

@rata rata left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left some comments.

However, I think it might be simpler if we sync on slack. Let's chat there, it might be faster :)

cc @kolyshkin @lifubang

tests/integration/run.bats Outdated

# https://github.com/opencontainers/runc/issues/4688
@test "runc run check default home" {
requires root
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does it require root?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMHO it does not; instead, it should use

        [ $EUID -ne 0 ] && requires rootless_idmap

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

kolyshkin
kolyshkin approved these changes Mar 25, 2025
View reviewed changes
Copy link
Contributor

@kolyshkin kolyshkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM overall (except for the test case nits), and thanks!

PS it makes sense to add test that runc exec also sets $HOME properly.

@lifubang lifubang force-pushed the fix-home-env-check-set branch from 6869606 to d8bdf54 Compare March 26, 2025 10:30
@kolyshkin kolyshkin added this to the 1.3.0-rc.2 milestone Mar 26, 2025
@kolyshkin kolyshkin force-pushed the fix-home-env-check-set branch from d8bdf54 to 0823f14 Compare March 26, 2025 21:20
kolyshkin
kolyshkin approved these changes Mar 26, 2025
View reviewed changes
Copy link
Contributor

@kolyshkin kolyshkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still LGTM. Thanks for adding the exec test case.

rata
rata approved these changes Mar 31, 2025
View reviewed changes
Copy link
Member

@rata rata left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks again for the quick fix!

If you can add that comment in the test, it would be great. Feel free to merge after adding that comment (if you agree it makes sense), don't need to review and wait for that again :)

@lifubang lifubang force-pushed the fix-home-env-check-set branch from 0823f14 to dabe9cb Compare April 1, 2025 10:20
rata
rata approved these changes Apr 1, 2025
View reviewed changes
Copy link
Member

@rata rata left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, feel free to merge when tests are green :)

lifubang added 2 commits April 1, 2025 15:22
@lifubang
test: check whether runc set a correct default home env or not
4a0e282 
Signed-off-by: lifubang <[email protected]>
@lifubang
libct: we should set envs after we are in the jail of the container
bf38646 
Because we have to set a default HOME env for the current container
user, so we should set it after we are in the jail of the container,
or else we'll use host's `/etc/passwd` to get a wrong HOME value.
Please see: opencontainers#4688.

Signed-off-by: lifubang <[email protected]>
@lifubang lifubang force-pushed the fix-home-env-check-set branch from dabe9cb to bf38646 Compare April 1, 2025 15:22
@rata rata merged commit f88669c into opencontainers:main Apr 1, 2025
34 checks passed
@rata
Copy link
Member

rata commented Apr 1, 2025

@lifubang Can you open a backport to 1.3?

@rata rata added the kind/bug label Apr 1, 2025
@kolyshkin kolyshkin mentioned this pull request Apr 2, 2025
Merged
@kolyshkin
Copy link
Contributor

1.3 backport: #4706

@kolyshkin kolyshkin removed this from the 1.3.0-rc.2 milestone Apr 2, 2025
@kolyshkin kolyshkin removed the backport/1.3-todo A PR in main branch which needs to be backported to release-1.3 label Apr 2, 2025
@kolyshkin kolyshkin added the backport/1.3-done A PR in main branch which has been backported to release-1.3 label Apr 2, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rata rata rata approved these changes

@kolyshkin kolyshkin kolyshkin approved these changes

@cyphar cyphar Awaiting requested review from cyphar

@AkihiroSuda AkihiroSuda Awaiting requested review from AkihiroSuda

Assignees
No one assigned
Labels
backport/1.3-done A PR in main branch which has been backported to release-1.3 kind/bug regression
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Using runc 1.3.0-rc1 has a HOME=/
3 participants
@lifubang @rata @kolyshkin