runsc: Chmod all mounted files to 777 inside chroot.

Inside the chroot, we run as user nobody, so all mounted files and directories must be accessible to all users. PiperOrigin-RevId: 212284805 Change-Id: I705e0dbbf15e01e04e0c7f378a99daffe6866807
2018-09-10 09:59:03 -07:00 · 2018-09-10 09:59:03 -07:00 · e198f9ab02
parent 0c0c942327
commit e198f9ab02
1 changed files with 10 additions and 1 deletions
--- a/runsc/sandbox/chroot.go
+++ b/runsc/sandbox/chroot.go
@ -36,7 +36,16 @@ func mountInChroot(chroot, src, dst, typ string, flags uint32) error {
 	chrootDst := filepath.Join(chroot, dst)
 	log.Infof("Mounting %q at %q", src, chrootDst)

-	return specutils.Mount(src, chrootDst, typ, flags)
+	if err := specutils.Mount(src, chrootDst, typ, flags); err != nil {
+		return fmt.Errorf("error mounting %q at %q: %v", src, chrootDst, err)
+	}
+
+	// Make sure the mount is accessible to all users, since we will be
+	// running as nobody inside the chroot.
+	if err := os.Chmod(chrootDst, 0777); err != nil {
+		return fmt.Errorf("Chmod(%q) failed: %v", chroot, err)
+	}
+	return nil
 }

 // setUpChroot creates an empty directory with runsc mounted at /runsc, proc