rkt: Set default 'User', 'Group' to root if it's not specified.

2016-01-27 11:55:56 -08:00 · 2016-01-27 11:55:56 -08:00 · 581759d12d
parent e07d9b3ee7
commit 581759d12d
2 changed files with 21 additions and 6 deletions
--- a/pkg/kubelet/rkt/rkt.go
+++ b/pkg/kubelet/rkt/rkt.go
@ -434,6 +434,17 @@ func setApp(app *appctypes.App, c *api.Container, opts *kubecontainer.RunContain
 	}
 	setSupplementaryGIDs(app, podCtx)

+	// If 'User' or 'Group' are still empty at this point,
+	// then apply the root UID and GID.
+	// TODO(yifan): Instead of using root GID, we should use
+	// the GID which the user is in.
+	if app.User == "" {
+		app.User = "0"
+	}
+	if app.Group == "" {
+		app.Group = "0"
+	}
+
 	// Set working directory.
 	if len(c.WorkingDir) > 0 {
 		app.WorkingDirectory = c.WorkingDir
--- a/pkg/kubelet/rkt/rkt_test.go
+++ b/pkg/kubelet/rkt/rkt_test.go
@ -703,8 +703,6 @@ func generateMemoryIsolator(t *testing.T, request, limit string) appctypes.Isola
 func baseApp(t *testing.T) *appctypes.App {
 	return &appctypes.App{
 		Exec:              appctypes.Exec{"/bin/foo"},
-		User:              "0",
-		Group:             "22",
 		SupplementaryGIDs: []int{4, 5, 6},
 		WorkingDirectory:  "/foo",
 		Environment: []appctypes.EnvironmentVariable{
@ -725,6 +723,12 @@ func baseApp(t *testing.T) *appctypes.App {
 	}
 }

+func baseAppWithRootUserGroup(t *testing.T) *appctypes.App {
+	app := baseApp(t)
+	app.User, app.Group = "0", "0"
+	return app
+}
+
 type envByName []appctypes.EnvironmentVariable

 func (s envByName) Len() int           { return len(s) }
@ -776,13 +780,13 @@ func TestSetApp(t *testing.T) {
 		expect    *appctypes.App
 		err       error
 	}{
-		// Nothing should change.
+		// Nothing should change, but the "User" and "Group" should be filled.
 		{
 			container: &api.Container{},
 			opts:      &kubecontainer.RunContainerOptions{},
 			ctx:       nil,
 			podCtx:    nil,
-			expect:    baseApp(t),
+			expect:    baseAppWithRootUserGroup(t),
 			err:       nil,
 		},

@ -836,7 +840,7 @@ func TestSetApp(t *testing.T) {
 			expect: &appctypes.App{
 				Exec:              appctypes.Exec{"/bin/bar", "hello", "world"},
 				User:              "42",
-				Group:             "22",
+				Group:             "0",
 				SupplementaryGIDs: []int{1, 2, 3},
 				WorkingDirectory:  tmpDir,
 				Environment: []appctypes.EnvironmentVariable{
@ -898,7 +902,7 @@ func TestSetApp(t *testing.T) {
 			expect: &appctypes.App{
 				Exec:              appctypes.Exec{"/bin/bar", "foo", "hello", "world", "bar"},
 				User:              "42",
-				Group:             "22",
+				Group:             "0",
 				SupplementaryGIDs: []int{1, 2, 3},
 				WorkingDirectory:  tmpDir,
 				Environment: []appctypes.EnvironmentVariable{