From 04e098ac4298dc7107b2ab018a4353ca43792519 Mon Sep 17 00:00:00 2001
From: Jaroslav Jindrak
Date: Fri, 20 Jan 2023 21:41:12 +0100
Subject: [PATCH] libcontainer: skip chown of /dev/null caused by fd redirection
In #3355 the check whether the STDIO file descriptors point to /dev/null was removed which can cause /dev/null to change ownership e.g. when using docker exec on a running container:
$ ls -l /dev/null
crw-rw-rw- 1 root root 1, 3 Aug 1 14:12 /dev/null
$ docker exec -u test 0ad6d3064e9d ls
$ ls -l /dev/null
crw-rw-rw- 1 test root 1, 3 Aug 1 14:12 /dev/null
---
 libcontainer/init_linux.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go
index 410fca7ad75..41cc9e2197c 100644
--- libcontainer/init_linux.go
+++ libcontainer/init_linux.go
@@ -411,8 +411,9 @@ func fixStdioPermissions(u *user.ExecUser) error {
 return &os.PathError{Op: "fstat", Path: file.Name(), Err: err}
 }
- // Skip chown if uid is already the one we want.
- if int(s.Uid) == u.Uid {
+ // Skip chown if uid is already the one we want or any of the STDIO descriptors
+ // were redirected to /dev/null.
+ if int(s.Uid) == u.Uid || s.Rdev == null.Rdev {
 continue
 }
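Review bot: The added `s.Rdev == null.Rdev` clause compares device numbers only and never confirms that the descriptor is a character device, so what it matches depends entirely on what `null` holds, and `null` is populated outside this hunk. If the path it was read from is ever not the real null device (presumably possible with an unusual rootfs; confirm against the code above the hunk), `null.Rdev` could be 0, and pipes, sockets and regular files, which typically report an Rdev of 0, would all match and silently keep their old owner. Assuming `s` is a `unix.Stat_t`, writing the clause as `s.Mode&unix.S_IFMT == unix.S_IFCHR && s.Rdev == null.Rdev` keeps the skip limited to the device node itself. The comment would also read more accurately as `// ... or this descriptor refers to /dev/null`, since the `continue` suggests the test runs once per descriptor rather than over all of them. Because the commit message says this guard was already dropped once and the diffstat shows only init_linux.go changing, a regression test asserting that /dev/null keeps its owner after an exec as a non-root user would be worth adding alongside.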