summaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
authorMatthew Heon <mheon@redhat.com>2021-01-04 14:36:41 -0500
committerMatthew Heon <mheon@redhat.com>2021-01-04 14:36:41 -0500
commit960607a4cd0c2672f28aaeab511770370c547a2c (patch)
tree5cae0846566fb82cd68c5b7de5e825f9adf9c27a /libpod
parentf261bfc54961c156c3a4acc2cd1c5379a83f1c0b (diff)
downloadpodman-960607a4cd0c2672f28aaeab511770370c547a2c.tar.gz
podman-960607a4cd0c2672f28aaeab511770370c547a2c.tar.bz2
podman-960607a4cd0c2672f28aaeab511770370c547a2c.zip
Ensure we do not edit container config in Exec
The existing code grabs the base container's process, and then modifies it for use with the exec session. This could cause errors in `podman inspect` or similar on the container, as the definition of its OCI spec has been changed by the exec session. The change never propagates to the DB, so it's limited to a single process, but we should still avoid it when possible - so deep-copy it before use. Signed-off-by: Matthew Heon <mheon@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r--libpod/oci_conmon_linux.go5
1 files changed, 4 insertions, 1 deletions
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index 199b40097..f1220f399 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -1190,7 +1190,10 @@ func prepareProcessExec(c *Container, options *ExecOptions, env []string, sessio
if err != nil {
return nil, err
}
- pspec := c.config.Spec.Process
+ pspec := new(spec.Process)
+ if err := JSONDeepCopy(c.config.Spec.Process, pspec); err != nil {
+ return nil, err
+ }
pspec.SelinuxLabel = c.config.ProcessLabel
pspec.Args = options.Cmd
for _, cap := range options.CapAdd {