From e198f9ab02874caeef65f16c0546af1e52e9a7d3 Mon Sep 17 00:00:00 2001
From: Nicolas Lacasse
Date: Mon, 10 Sep 2018 09:59:03 -0700
Subject: [PATCH] runsc: Chmod all mounted files to 777 inside chroot.
Inside the chroot, we run as user nobody, so all mounted files and directories must be accessible to all users.
PiperOrigin-RevId: 212284805
Change-Id: I705e0dbbf15e01e04e0c7f378a99daffe6866807
---
 runsc/sandbox/chroot.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/runsc/sandbox/chroot.go b/runsc/sandbox/chroot.go
index a77a186c2..f35d9c72d 100644
--- runsc/sandbox/chroot.go
+++ runsc/sandbox/chroot.go
@@ -36,7 +36,16 @@ func mountInChroot(chroot, src, dst, typ string, flags uint32) error {
 chrootDst := filepath.Join(chroot, dst)
 log.Infof("Mounting %q at %q", src, chrootDst)
- return specutils.Mount(src, chrootDst, typ, flags)
+ if err := specutils.Mount(src, chrootDst, typ, flags); err != nil {
+ return fmt.Errorf("error mounting %q at %q: %v", src, chrootDst, err)
+ }
+
+ // Make sure the mount is accessible to all users, since we will be
+ // running as nobody inside the chroot.
+ if err := os.Chmod(chrootDst, 0777); err != nil {
+ return fmt.Errorf("Chmod(%q) failed: %v", chroot, err)
+ }
+ return nil
 }
 // setUpChroot creates an empty directory with runsc mounted at /runsc, proc
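Review bot: The added `os.Chmod(chrootDst, 0777)` gives every user write permission on each mount point, although the stated goal is only that user nobody can access the mounts; if read and traverse are sufficient, a mode such as `0555` would meet that goal with less exposure. It is also worth confirming what the chmod touches when `src` is a bind-mounted host path, since a mode change made through a mount point normally lands on the underlying inode and would then outlive the sandbox. Separately, the error on that path names the wrong directory, because it formats `chroot` rather than the path that was chmodded; it should read `return fmt.Errorf("Chmod(%q) failed: %v", chrootDst, err)`. The signature of mountInChroot is visible only in the hunk header.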