summaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
authorMatthew Heon <mheon@redhat.com>2022-09-02 13:40:29 -0400
committerMatthew Heon <mheon@redhat.com>2022-09-06 15:09:27 -0400
commit5cb27f3c85e517954e81f129deb0e492511a814f (patch)
treee024231b1724ce5dcfaadb8ada18be6628203834 /libpod
parent85f3c2783cb6807032b779bc2827dd79dbcad3e4 (diff)
downloadpodman-5cb27f3c85e517954e81f129deb0e492511a814f.tar.gz
podman-5cb27f3c85e517954e81f129deb0e492511a814f.tar.bz2
podman-5cb27f3c85e517954e81f129deb0e492511a814f.zip
Add container GID to additional groups
Mitigates a potential permissions issue. Mirrors Buildah PR #4200 and CRI-O PR #6159. Signed-off-by: Matthew Heon <mheon@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r--libpod/container_internal_linux.go1
1 files changed, 1 insertions, 0 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index a131ab367..39aaac923 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -682,6 +682,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
// User and Group must go together
g.SetProcessUID(uint32(execUser.Uid))
g.SetProcessGID(uint32(execUser.Gid))
+ g.AddProcessAdditionalGid(uint32(execUser.Gid))
}
if c.config.Umask != "" {
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-16 16:52:16 +0000