libct: fixStdioPermissions: skip chown if not needed
Since we already called fstat, we know the current file uid. In case it
is the same as the one we want it to be, there's no point in trying
chown.

Remove the specific /dev/null check, as the above also covers it
(comparing /dev/null uid with itself is true).

This also fixes runc exec with read-only /dev for root user.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
kolyshkin committed Jan 22, 2022
1 parent b7fdb68 commit 18c4760
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions libcontainer/init_linux.go
Expand Up @@ -411,12 +411,12 @@ func fixStdioPermissions(u *user.ExecUser) error {
return &os.PathError{Op: "fstat", Path: file.Name(), Err: err}
}

// Skip chown of /dev/null if it was used as one of the STDIO fds.
if s.Rdev == null.Rdev {
// Skip chown if uid is already the one we want.
if int(s.Uid) == u.Uid {
continue
}

// We only change the uid owner (as it is possible for the mount to
// We only change the uid (as it is possible for the mount to
// prefer a different gid, and there's no reason for us to change it).
// The reason why we don't just leave the default uid=X mount setup is
// that users expect to be able to actually use their console. Without
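
Review bot: The new condition `if int(s.Uid) == u.Uid {` does not cover everything the removed `if s.Rdev == null.Rdev {` covered. The old check skipped any stdio fd that is /dev/null by device identity, whatever its owner; the new one compares the fd's owner with the target `u.Uid`, so a /dev/null stdio fd is skipped only when /dev/null already belongs to that user. When the target uid differs from the owner of /dev/null, the loop no longer hits `continue` and falls through to the chown, which would change the owner of the /dev/null device node. The commit message's "comparing /dev/null uid with itself is true" holds only when `u.Uid` equals the owner of /dev/null. Suggest keeping both conditions, for example `if int(s.Uid) == u.Uid || s.Rdev == null.Rdev {`, and wording the comment so it names both cases.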