
Commit 269a717

committed
Make cwd required
Signed-off-by: Mrunal Patel <[email protected]>
1 parent 4c767d7 commit 269a717


8 files changed

+53
-5
lines changed


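--- a/libcontainer/init_linux.go
+++ b/libcontainer/init_linux.go
@@ -134,10 +134,8 @@ func finalizeNamespace(config *initConfig) error {
 if err := w.drop(); err != nil {
 return err
 }
-if config.Cwd != "" {
-if err := syscall.Chdir(config.Cwd); err != nil {
-return err
-}
+if err := syscall.Chdir(config.Cwd); err != nil {
+return err
 }
 return nil
 }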
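Review bot: With the `config.Cwd != ""` guard removed, an empty Cwd now reaches `syscall.Chdir` and comes back as a bare errno, with nothing in the error saying that the working directory was the cause. The validation this commit adds lives in runc's `loadSpec` (spec.go), so other libcontainer callers that populate the process config themselves appear to get no earlier check, and any that relied on the old skip-when-empty behaviour now fail here. Wrapping the error would make that diagnosable: `return fmt.Errorf("chdir to cwd %q: %v", config.Cwd, err)` (assuming `fmt` is imported in this file, which the hunk does not show). finalizeNamespace begins above the hunk.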

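--- a/libcontainer/integration/checkpoint_test.go
+++ b/libcontainer/integration/checkpoint_test.go
@@ -82,6 +82,7 @@ func TestCheckpoint(t *testing.T) {
 var stdout bytes.Buffer
 
 pconfig := libcontainer.Process{
+Cwd: "/",
 Args: []string{"cat"},
 Env: standardEnvironment,
 Stdin: stdinR,
@@ -150,6 +151,7 @@ func TestCheckpoint(t *testing.T) {
 }
 
 restoreProcessConfig := &libcontainer.Process{
+Cwd: "/",
 Stdin: restoreStdinR,
 Stdout: &stdout,
 }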

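--- a/libcontainer/integration/exec_test.go
+++ b/libcontainer/integration/exec_test.go
@@ -208,6 +208,7 @@ func TestEnter(t *testing.T) {
 var stdout, stdout2 bytes.Buffer
 
 pconfig := libcontainer.Process{
+Cwd: "/",
 Args: []string{"sh", "-c", "cat && readlink /proc/self/ns/pid"},
 Env: standardEnvironment,
 Stdin: stdinR,
@@ -224,6 +225,7 @@ func TestEnter(t *testing.T) {
 stdinR2, stdinW2, err := os.Pipe()
 ok(t, err)
 pconfig2 := libcontainer.Process{
+Cwd: "/",
 Env: standardEnvironment,
 }
 pconfig2.Args = []string{"sh", "-c", "cat && readlink /proc/self/ns/pid"}
@@ -290,6 +292,7 @@ func TestProcessEnv(t *testing.T) {
 
 var stdout bytes.Buffer
 pconfig := libcontainer.Process{
+Cwd: "/",
 Args: []string{"sh", "-c", "env"},
 Env: []string{
 "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
@@ -341,6 +344,7 @@ func TestProcessCaps(t *testing.T) {
 
 var stdout bytes.Buffer
 pconfig := libcontainer.Process{
+Cwd: "/",
 Args: []string{"sh", "-c", "cat /proc/self/status"},
 Env: standardEnvironment,
 Capabilities: processCaps,
@@ -411,6 +415,7 @@ func TestAdditionalGroups(t *testing.T) {
 
 var stdout bytes.Buffer
 pconfig := libcontainer.Process{
+Cwd: "/",
 Args: []string{"sh", "-c", "id", "-Gn"},
 Env: standardEnvironment,
 Stdin: nil,
@@ -471,6 +476,7 @@ func testFreeze(t *testing.T, systemd bool) {
 ok(t, err)
 
 pconfig := &libcontainer.Process{
+Cwd: "/",
 Args: []string{"cat"},
 Env: standardEnvironment,
 Stdin: stdinR,
@@ -667,6 +673,7 @@ func TestContainerState(t *testing.T) {
 t.Fatal(err)
 }
 p := &libcontainer.Process{
+Cwd: "/",
 Args: []string{"cat"},
 Env: standardEnvironment,
 Stdin: stdinR,
@@ -717,6 +724,7 @@ func TestPassExtraFiles(t *testing.T) {
 pipeout1, pipein1, err := os.Pipe()
 pipeout2, pipein2, err := os.Pipe()
 process := libcontainer.Process{
+Cwd: "/",
 Args: []string{"sh", "-c", "cd /proc/$$/fd; echo -n *; echo -n 1 >3; echo -n 2 >4"},
 Env: []string{"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"},
 ExtraFiles: []*os.File{pipein1, pipein2},
@@ -800,6 +808,7 @@ func TestMountCmds(t *testing.T) {
 defer container.Destroy()
 
 pconfig := libcontainer.Process{
+Cwd: "/",
 Args: []string{"sh", "-c", "env"},
 Env: standardEnvironment,
 }
@@ -846,6 +855,7 @@ func TestSysctl(t *testing.T) {
 
 var stdout bytes.Buffer
 pconfig := libcontainer.Process{
+Cwd: "/",
 Args: []string{"sh", "-c", "cat /proc/sys/kernel/shmmni"},
 Env: standardEnvironment,
 Stdin: nil,
@@ -985,6 +995,7 @@ func TestOomScoreAdj(t *testing.T) {
 
 var stdout bytes.Buffer
 pconfig := libcontainer.Process{
+Cwd: "/",
 Args: []string{"sh", "-c", "cat /proc/self/oom_score_adj"},
 Env: standardEnvironment,
 Stdin: nil,
@@ -1037,6 +1048,7 @@ func TestHook(t *testing.T) {
 
 var stdout bytes.Buffer
 pconfig := libcontainer.Process{
+Cwd: "/",
 Args: []string{"sh", "-c", "ls /test"},
 Env: standardEnvironment,
 Stdin: nil,
@@ -1143,6 +1155,7 @@ func TestRootfsPropagationSlaveMount(t *testing.T) {
 ok(t, err)
 
 pconfig := &libcontainer.Process{
+Cwd: "/",
 Args: []string{"cat"},
 Env: standardEnvironment,
 Stdin: stdinR,
@@ -1170,6 +1183,7 @@ func TestRootfsPropagationSlaveMount(t *testing.T) {
 ok(t, err)
 
 pconfig2 := &libcontainer.Process{
+Cwd: "/",
 Args: []string{"cat", "/proc/self/mountinfo"},
 Env: standardEnvironment,
 Stdin: stdinR2,
@@ -1259,6 +1273,7 @@ func TestRootfsPropagationSharedMount(t *testing.T) {
 ok(t, err)
 
 pconfig := &libcontainer.Process{
+Cwd: "/",
 Args: []string{"cat"},
 Env: standardEnvironment,
 Stdin: stdinR,
@@ -1288,6 +1303,7 @@ func TestRootfsPropagationSharedMount(t *testing.T) {
 processCaps := append(config.Capabilities, "CAP_SYS_ADMIN")
 
 pconfig2 := &libcontainer.Process{
+Cwd: "/",
 Args: []string{"mount", "--bind", dir2cont, dir2cont},
 Env: standardEnvironment,
 Stdin: stdinR2,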

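--- a/libcontainer/integration/execin_test.go
+++ b/libcontainer/integration/execin_test.go
@@ -28,6 +28,7 @@ func TestExecIn(t *testing.T) {
 stdinR, stdinW, err := os.Pipe()
 ok(t, err)
 process := &libcontainer.Process{
+Cwd: "/",
 Args: []string{"cat"},
 Env: standardEnvironment,
 Stdin: stdinR,
@@ -39,6 +40,7 @@ func TestExecIn(t *testing.T) {
 
 buffers := newStdBuffers()
 ps := &libcontainer.Process{
+Cwd: "/",
 Args: []string{"ps"},
 Env: standardEnvironment,
 Stdin: buffers.Stdin,
@@ -73,6 +75,7 @@ func TestExecInRlimit(t *testing.T) {
 stdinR, stdinW, err := os.Pipe()
 ok(t, err)
 process := &libcontainer.Process{
+Cwd: "/",
 Args: []string{"cat"},
 Env: standardEnvironment,
 Stdin: stdinR,
@@ -84,6 +87,7 @@ func TestExecInRlimit(t *testing.T) {
 
 buffers := newStdBuffers()
 ps := &libcontainer.Process{
+Cwd: "/",
 Args: []string{"/bin/sh", "-c", "ulimit -n"},
 Env: standardEnvironment,
 Stdin: buffers.Stdin,
@@ -119,6 +123,7 @@ func TestExecInError(t *testing.T) {
 stdinR, stdinW, err := os.Pipe()
 ok(t, err)
 process := &libcontainer.Process{
+Cwd: "/",
 Args: []string{"cat"},
 Env: standardEnvironment,
 Stdin: stdinR,
@@ -136,6 +141,7 @@ func TestExecInError(t *testing.T) {
 for i := 0; i < 42; i++ {
 var out bytes.Buffer
 unexistent := &libcontainer.Process{
+Cwd: "/",
 Args: []string{"unexistent"},
 Env: standardEnvironment,
 Stdout: &out,
@@ -169,6 +175,7 @@ func TestExecInTTY(t *testing.T) {
 stdinR, stdinW, err := os.Pipe()
 ok(t, err)
 process := &libcontainer.Process{
+Cwd: "/",
 Args: []string{"cat"},
 Env: standardEnvironment,
 Stdin: stdinR,
@@ -180,6 +187,7 @@ func TestExecInTTY(t *testing.T) {
 
 var stdout bytes.Buffer
 ps := &libcontainer.Process{
+Cwd: "/",
 Args: []string{"ps"},
 Env: standardEnvironment,
 }
@@ -224,6 +232,7 @@ func TestExecInEnvironment(t *testing.T) {
 stdinR, stdinW, err := os.Pipe()
 ok(t, err)
 process := &libcontainer.Process{
+Cwd: "/",
 Args: []string{"cat"},
 Env: standardEnvironment,
 Stdin: stdinR,
@@ -235,6 +244,7 @@ func TestExecInEnvironment(t *testing.T) {
 
 buffers := newStdBuffers()
 process2 := &libcontainer.Process{
+Cwd: "/",
 Args: []string{"env"},
 Env: []string{
 "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
@@ -286,6 +296,7 @@ func TestExecinPassExtraFiles(t *testing.T) {
 t.Fatal(err)
 }
 process := &libcontainer.Process{
+Cwd: "/",
 Args: []string{"cat"},
 Env: standardEnvironment,
 Stdin: stdinR,
@@ -301,6 +312,7 @@ func TestExecinPassExtraFiles(t *testing.T) {
 pipeout1, pipein1, err := os.Pipe()
 pipeout2, pipein2, err := os.Pipe()
 inprocess := &libcontainer.Process{
+Cwd: "/",
 Args: []string{"sh", "-c", "cd /proc/$$/fd; echo -n *; echo -n 1 >3; echo -n 2 >4"},
 Env: []string{"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"},
 ExtraFiles: []*os.File{pipein1, pipein2},
@@ -357,6 +369,7 @@ func TestExecInOomScoreAdj(t *testing.T) {
 stdinR, stdinW, err := os.Pipe()
 ok(t, err)
 process := &libcontainer.Process{
+Cwd: "/",
 Args: []string{"cat"},
 Env: standardEnvironment,
 Stdin: stdinR,
@@ -368,6 +381,7 @@ func TestExecInOomScoreAdj(t *testing.T) {
 
 buffers := newStdBuffers()
 ps := &libcontainer.Process{
+Cwd: "/",
 Args: []string{"/bin/sh", "-c", "cat /proc/self/oom_score_adj"},
 Env: standardEnvironment,
 Stdin: buffers.Stdin,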

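--- a/libcontainer/integration/seccomp_test.go
+++ b/libcontainer/integration/seccomp_test.go
@@ -42,6 +42,7 @@ func TestSeccompDenyGetcwd(t *testing.T) {
 
 buffers := newStdBuffers()
 pwd := &libcontainer.Process{
+Cwd: "/",
 Args: []string{"pwd"},
 Env: standardEnvironment,
 Stdin: buffers.Stdin,
@@ -116,6 +117,7 @@ func TestSeccompPermitWriteConditional(t *testing.T) {
 
 buffers := newStdBuffers()
 dmesg := &libcontainer.Process{
+Cwd: "/",
 Args: []string{"busybox", "ls", "/"},
 Env: standardEnvironment,
 Stdin: buffers.Stdin,
@@ -176,6 +178,7 @@ func TestSeccompDenyWriteConditional(t *testing.T) {
 
 buffers := newStdBuffers()
 dmesg := &libcontainer.Process{
+Cwd: "/",
 Args: []string{"busybox", "ls", "does_not_exist"},
 Env: standardEnvironment,
 Stdin: buffers.Stdin,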

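--- a/libcontainer/integration/utils_test.go
+++ b/libcontainer/integration/utils_test.go
@@ -113,6 +113,7 @@ func runContainer(config *configs.Config, console string, args ...string) (buffe
 defer container.Destroy()
 buffers = newStdBuffers()
 process := &libcontainer.Process{
+Cwd: "/",
 Args: args,
 Env: standardEnvironment,
 Stdin: buffers.Stdin,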

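--- a/spec.go
+++ b/spec.go
@@ -53,6 +53,7 @@ var specCommand = cli.Command{
 "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
 "TERM=xterm",
 },
+Cwd: "/",
 },
 Hostname: "shell",
 Mounts: []specs.MountPoint{
@@ -290,6 +291,15 @@ var mountPropagationMapping = map[string]int{
 "": syscall.MS_PRIVATE | syscall.MS_REC,
 }
 
+// validateSpec validates the fields in the spec
+// TODO: Add validation for other fields where applicable
+func validateSpec(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec) error {
+if spec.Process.Cwd == "" {
+return fmt.Errorf("Cwd property must not be empty")
+}
+return nil
+}
+
 // loadSpec loads the specification from the provided path.
 // If the path is empty then the default path will be "config.json"
 func loadSpec(cPath, rPath string) (spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, err error) {
@@ -317,7 +327,10 @@ func loadSpec(cPath, rPath string) (spec *specs.LinuxSpec, rspec *specs.LinuxRun
 if err = json.NewDecoder(rf).Decode(&rspec); err != nil {
 return spec, rspec, err
 }
-return spec, rspec, checkSpecVersion(spec)
+if err := checkSpecVersion(spec); err != nil {
+return spec, rspec, err
+}
+return spec, rspec, validateSpec(spec, rspec)
 }
 
 // checkSpecVersion makes sure that the spec version matches runc's while we are in the initial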
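Review bot: `validateSpec` rejects only an empty `Cwd`; a relative value still passes and is later handed to `syscall.Chdir` in finalizeNamespace, where it resolves against whatever directory the init process happens to be in at that point. Since the field is now mandatory, requiring an absolute path would make the container's starting directory independent of runtime state: `if !filepath.IsAbs(spec.Process.Cwd) { return fmt.Errorf("Cwd must be an absolute path") }` (this needs `path/filepath`; the import block is not visible here). The `rspec` parameter is accepted but not yet read. No test in this commit asserts that `loadSpec` rejects a spec with an empty Cwd, so the new check is only exercised on the passing path.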

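--- a/start.go
+++ b/start.go
@@ -108,6 +108,7 @@ func startContainer(context *cli.Context, spec *specs.LinuxSpec, rspec *specs.Li
 // ensure that the container is always removed if we were the process
 // that created it.
 defer destroy(container)
+
 process := newProcess(spec.Process)
 
 // Support on-demand socket activation by passing file descriptors into the container init process.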
