diff options
author | Chris <ccbrown112@gmail.com> | 2018-03-07 12:43:26 -0600 |
---|---|---|
committer | Derrick Anderson <derrick@andersonwebstudio.com> | 2018-03-07 13:43:26 -0500 |
commit | e4ddad16bfe15ac1c1b6a0334df084bbb334d4e3 (patch) | |
tree | b470c1379b22e2321b01e47b75dfec17d0088f7c /plugin/rpcplugin/sandbox/sandbox_linux.go | |
parent | af758c8e5df3d80e0910c5549660ffd6b16e6af2 (diff) | |
download | chat-e4ddad16bfe15ac1c1b6a0334df084bbb334d4e3.tar.gz chat-e4ddad16bfe15ac1c1b6a0334df084bbb334d4e3.tar.bz2 chat-e4ddad16bfe15ac1c1b6a0334df084bbb334d4e3.zip |
plugin sandbox fixes (#8418)
Diffstat (limited to 'plugin/rpcplugin/sandbox/sandbox_linux.go')
-rw-r--r-- | plugin/rpcplugin/sandbox/sandbox_linux.go | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/plugin/rpcplugin/sandbox/sandbox_linux.go b/plugin/rpcplugin/sandbox/sandbox_linux.go index dad485f68..4ade00cf2 100644 --- a/plugin/rpcplugin/sandbox/sandbox_linux.go +++ b/plugin/rpcplugin/sandbox/sandbox_linux.go @@ -267,7 +267,7 @@ func pivotRoot(newRoot string) error { func dropInheritableCapabilities() error { type capHeader struct { version uint32 - pid int + pid int32 } type capData struct { @@ -425,6 +425,15 @@ func checkSupportInNamespace() error { return errors.Wrapf(err, "unable to enable seccomp filter") } + if f, err := os.Create(os.DevNull); err != nil { + return errors.Wrapf(err, "unable to open os.DevNull") + } else { + defer f.Close() + if _, err = f.Write([]byte("foo")); err != nil { + return errors.Wrapf(err, "unable to write to os.DevNull") + } + } + return nil } |