container: Only drop privs if user is root #15115

Merged
mattklein123 merged 1 commit into envoyproxy:main from phlax:container-perms on Feb 22, 2021

phlax commented Feb 19, 2021

Signed-off-by: Ryan Northey <ryan@synca.io>

Commit Message: container: Only drop privs if user is root
Additional Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue] Partial fix for #14141
[Optional Deprecated:]
[Optional API Considerations:]

Signed-off-by: Ryan Northey <ryan@synca.io>

phlax commented Feb 19, 2021

@lizan this is a partial fix for #14141 - would you mind taking a look

we may also want to do something with the chowning of the out/err pipes but I think this will resolve the cases where this was a problem anyway

phlax commented Feb 19, 2021

I guess this also needs some documentation - I can add if this is accepted as way forward

mattklein123 merged commit b23ee3b into envoyproxy:main Feb 22, 2021
Shikugawa added the backport/approved (Approved backports to stable releases) label Mar 1, 2021
Shikugawa pushed a commit to Shikugawa/envoy that referenced this pull request Mar 10, 2021
Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Shikugawa <rei@tetrate.io>
jmarantz pushed a commit that referenced this pull request Mar 15, 2021
Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Shikugawa <rei@tetrate.io>

Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Shikugawa <rei@tetrate.io>

Co-authored-by: phlax <phlax@users.noreply.github.com>