Can create rootless containers with ubuntu rootfs

The ubuntu rootfs contained a read-only /etc/resolv.conf and this was causing creation to fail when guardian attempted to open with write privileges. [#147862525] Signed-off-by: Craig Furman <[email protected]>
hpcloud · Jun 29, 2017 · 91dd4e0 · 91dd4e0
1 parent 3084a1e
commit 91dd4e0
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/gqt/rootless_linux_test.go b/gqt/rootless_linux_test.go
@@ -122,6 +122,17 @@ var _ = Describe("rootless containers", func() {
 
 			Expect(stdout.String()).To(ContainSubstring("alice:alice"))
 		})
+
+		Context("when the rootfs contains a read-only resolv.conf", func() {
+			BeforeEach(func() {
+				Expect(os.Chmod(filepath.Join(imagePath, "rootfs", "etc", "resolv.conf"), 0444)).To(Succeed())
+			})
+
+			It("succeeds anyway", func() {
+				_, err := client.Create(garden.ContainerSpec{})
+				Expect(err).NotTo(HaveOccurred())
+			})
+		})
 	})
 
 	Describe("running a process in a container", func() {

diff --git a/rundmc/preparerootfs/create_file.go b/rundmc/preparerootfs/create_file.go
@@ -22,7 +22,7 @@ func touchFile(path string) error {
 		return err
 	}
 
-	file, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, 0644)
+	file, err := os.OpenFile(path, os.O_CREATE, 0444)
 	if err != nil {
 		return err
 	}