author | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-03-15 22:50:15 +0100 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-03-15 22:53:23 +0100 |
commit | 6c6a8654363457a9638d58265d0a7e8743575d7a (patch) | |
tree | c217b1e1b34acd7c1575504008a25b70c7cd2101 | |
parent | 8aed32acea9bb35898abcee58fc9aa2a03ef264a (diff) | |
rootless: change default path for conmon.pid
We cannot use the RunDir for writing the conmon.pid file as we might
not be able to read it before we join a namespace, since it is owned
by the root in the container which can be a different uid when using
uidmap. To avoid completely the issue, we will just write it to the
static dir which is always readable by the unprivileged user.
Closes: https://github.com/containers/libpod/issues/2673
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r-- | libpod/runtime_ctr.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go index c6f119913..3b74a65dd 100644 --- a/libpod/runtime_ctr.go +++ b/libpod/runtime_ctr.go @@ -171,7 +171,7 @@ func (r *Runtime) newContainer(ctx context.Context, rSpec *spec.Spec, options .. }() if rootless.IsRootless() && ctr.config.ConmonPidFile == "" { - ctr.config.ConmonPidFile = filepath.Join(ctr.state.RunDir, "conmon.pid") + ctr.config.ConmonPidFile = filepath.Join(ctr.config.StaticDir, "conmon.pid") } // Go through the volume mounts and check for named volumes |
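Review bot: The added line in newContainer switches the default from ctr.state.RunDir to ctr.config.StaticDir without a comment at the site, so the reason (RunDir can be owned by the container's root, which under a uidmap may be a uid the caller cannot read before joining the namespace) lives only in the commit message. A one-line comment above the `if rootless.IsRootless() && ctr.config.ConmonPidFile == ""` block would keep a later cleanup from moving the file back. Two things to confirm: if StaticDir outlives RunDir (for example across a reboot), a leftover conmon.pid could be read as if it were current, so check that the file is removed or rewritten on every start and that the pid read from it is validated before it is used; and since the default only applies when ConmonPidFile is empty, a rootless user who sets an explicit path under RunDir still hits the original read failure, which may deserve a check or a note in the documentation.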