diff options
author | Matthew Heon <mheon@redhat.com> | 2021-01-04 14:36:41 -0500 |
---|---|---|
committer | Matthew Heon <mheon@redhat.com> | 2021-01-04 14:36:41 -0500 |
commit | 960607a4cd0c2672f28aaeab511770370c547a2c (patch) | |
tree | 5cae0846566fb82cd68c5b7de5e825f9adf9c27a /libpod | |
parent | f261bfc54961c156c3a4acc2cd1c5379a83f1c0b (diff) | |
download | podman-960607a4cd0c2672f28aaeab511770370c547a2c.tar.gz podman-960607a4cd0c2672f28aaeab511770370c547a2c.tar.bz2 podman-960607a4cd0c2672f28aaeab511770370c547a2c.zip |
Ensure we do not edit container config in Exec
The existing code grabs the base container's process, and then
modifies it for use with the exec session. This could cause
errors in `podman inspect` or similar on the container, as the
definition of its OCI spec has been changed by the exec session.
The change never propagates to the DB, so it's limited to a
single process, but we should still avoid it when possible - so
deep-copy it before use.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/oci_conmon_linux.go | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go index 199b40097..f1220f399 100644 --- a/libpod/oci_conmon_linux.go +++ b/libpod/oci_conmon_linux.go @@ -1190,7 +1190,10 @@ func prepareProcessExec(c *Container, options *ExecOptions, env []string, sessio if err != nil { return nil, err } - pspec := c.config.Spec.Process + pspec := new(spec.Process) + if err := JSONDeepCopy(c.config.Spec.Process, pspec); err != nil { + return nil, err + } pspec.SelinuxLabel = c.config.ProcessLabel pspec.Args = options.Cmd for _, cap := range options.CapAdd { |