plugin sandbox fixes (#8418)

author: Chris <ccbrown112@gmail.com> 2018-03-07 12:43:26 -0600
committer: Derrick Anderson <derrick@andersonwebstudio.com> 2018-03-07 13:43:26 -0500
commit: e4ddad16bfe15ac1c1b6a0334df084bbb334d4e3 (patch)
tree: b470c1379b22e2321b01e47b75dfec17d0088f7c /plugin
parent: af758c8e5df3d80e0910c5549660ffd6b16e6af2 (diff)
download: chat-e4ddad16bfe15ac1c1b6a0334df084bbb334d4e3.tar.gz
chat-e4ddad16bfe15ac1c1b6a0334df084bbb334d4e3.tar.bz2
chat-e4ddad16bfe15ac1c1b6a0334df084bbb334d4e3.zip
1 files changed, 10 insertions, 1 deletions
diff --git a/plugin/rpcplugin/sandbox/sandbox_linux.go b/plugin/rpcplugin/sandbox/sandbox_linux.go
index dad485f68..4ade00cf2 100644
--- a/plugin/rpcplugin/sandbox/sandbox_linux.go
+++ b/plugin/rpcplugin/sandbox/sandbox_linux.go
@@ -267,7 +267,7 @@ func pivotRoot(newRoot string) error {
 func dropInheritableCapabilities() error {
 	type capHeader struct {
 		version uint32
-		pid     int
+		pid     int32
 	}
 
 	type capData struct {
@@ -425,6 +425,15 @@ func checkSupportInNamespace() error {
 		return errors.Wrapf(err, "unable to enable seccomp filter")
 	}
 
+	if f, err := os.Create(os.DevNull); err != nil {
+		return errors.Wrapf(err, "unable to open os.DevNull")
+	} else {
+		defer f.Close()
+		if _, err = f.Write([]byte("foo")); err != nil {
+			return errors.Wrapf(err, "unable to write to os.DevNull")
+		}
+	}
+
 	return nil
 }
author	Chris <ccbrown112@gmail.com>	2018-03-07 12:43:26 -0600
committer	Derrick Anderson <derrick@andersonwebstudio.com>	2018-03-07 13:43:26 -0500
commit	e4ddad16bfe15ac1c1b6a0334df084bbb334d4e3 (patch)
tree	b470c1379b22e2321b01e47b75dfec17d0088f7c /plugin
parent	af758c8e5df3d80e0910c5549660ffd6b16e6af2 (diff)
download	chat-e4ddad16bfe15ac1c1b6a0334df084bbb334d4e3.tar.gz chat-e4ddad16bfe15ac1c1b6a0334df084bbb334d4e3.tar.bz2 chat-e4ddad16bfe15ac1c1b6a0334df084bbb334d4e3.zip