(ctx context.Context, containerdCli *containerd.Client, ec *container.ExecConfig)
| 12 | ) |
| 13 | |
| 14 | func getUserFromContainerd(ctx context.Context, containerdCli *containerd.Client, ec *container.ExecConfig) (specs.User, error) { |
| 15 | ctr, err := containerdCli.LoadContainer(ctx, ec.Container.ID) |
| 16 | if err != nil { |
| 17 | return specs.User{}, err |
| 18 | } |
| 19 | |
| 20 | cinfo, err := ctr.Info(ctx) |
| 21 | if err != nil { |
| 22 | return specs.User{}, err |
| 23 | } |
| 24 | |
| 25 | spec, err := ctr.Spec(ctx) |
| 26 | if err != nil { |
| 27 | return specs.User{}, err |
| 28 | } |
| 29 | |
| 30 | opts := []coci.SpecOpts{ |
| 31 | coci.WithUser(ec.User), |
| 32 | coci.WithAdditionalGIDs(ec.User), |
| 33 | coci.WithAppendAdditionalGroups(ec.Container.HostConfig.GroupAdd...), |
| 34 | } |
| 35 | for _, opt := range opts { |
| 36 | if err := opt(ctx, containerdCli, &cinfo, spec); err != nil { |
| 37 | return specs.User{}, err |
| 38 | } |
| 39 | } |
| 40 | |
| 41 | return spec.Process.User, nil |
| 42 | } |
| 43 | |
| 44 | func (daemon *Daemon) execSetPlatformOpt(ctx context.Context, daemonCfg *config.Config, ec *container.ExecConfig, p *specs.Process) error { |
| 45 | if ec.User != "" { |
no test coverage detected
searching dependent graphs…