mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Add security privilege needed to write layers when windows VHDX used as docker data root
Signed-off-by: Adam Williams <awilliams@mirantis.com>
This commit is contained in:
parent
bd61fdc65d
commit
489f57b877
1 changed files with 2 additions and 2 deletions
|
@ -832,13 +832,13 @@ func writeLayerReexec() {
|
||||||
|
|
||||||
// writeLayer writes a layer from a tar file.
|
// writeLayer writes a layer from a tar file.
|
||||||
func writeLayer(layerData io.Reader, home string, id string, parentLayerPaths ...string) (size int64, retErr error) {
|
func writeLayer(layerData io.Reader, home string, id string, parentLayerPaths ...string) (size int64, retErr error) {
|
||||||
err := winio.EnableProcessPrivileges([]string{winio.SeBackupPrivilege, winio.SeRestorePrivilege})
|
err := winio.EnableProcessPrivileges([]string{winio.SeSecurityPrivilege, winio.SeBackupPrivilege, winio.SeRestorePrivilege})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return 0, err
|
return 0, err
|
||||||
}
|
}
|
||||||
if noreexec {
|
if noreexec {
|
||||||
defer func() {
|
defer func() {
|
||||||
if err := winio.DisableProcessPrivileges([]string{winio.SeBackupPrivilege, winio.SeRestorePrivilege}); err != nil {
|
if err := winio.DisableProcessPrivileges([]string{winio.SeSecurityPrivilege, winio.SeBackupPrivilege, winio.SeRestorePrivilege}); err != nil {
|
||||||
// This should never happen, but just in case when in debugging mode.
|
// This should never happen, but just in case when in debugging mode.
|
||||||
// See https://github.com/docker/docker/pull/28002#discussion_r86259241 for rationale.
|
// See https://github.com/docker/docker/pull/28002#discussion_r86259241 for rationale.
|
||||||
panic("Failed to disabled process privileges while in non re-exec mode")
|
panic("Failed to disabled process privileges while in non re-exec mode")
|
||||||
|
|
Loading…
Reference in a new issue