From 7603c22c7365d7d7150597fe396e0707d6e561da Mon Sep 17 00:00:00 2001
From: Michael Crosby <crosbymichael@gmail.com>
Date: Wed, 13 Mar 2019 16:04:28 -0400
Subject: [PATCH] Use original process spec for execs

Fixes #38865

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
---
 daemon/exec.go                        | 24 ++++++++++++++++++------
 integration/container/exec_test.go    | 15 +++++++++++++++
 integration/internal/container/ops.go |  7 +++++++
 3 files changed, 40 insertions(+), 6 deletions(-)

diff --git a/daemon/exec.go b/daemon/exec.go
index f0b43d7253..abb239b520 100644
--- a/daemon/exec.go
+++ b/daemon/exec.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"runtime"
 	"strings"
 	"time"
 
@@ -16,7 +17,7 @@ import (
 	"github.com/docker/docker/pkg/pools"
 	"github.com/docker/docker/pkg/signal"
 	"github.com/docker/docker/pkg/term"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -217,12 +218,23 @@ func (d *Daemon) ContainerExecStart(ctx context.Context, name string, stdin io.R
 		ec.StreamConfig.NewNopInputPipe()
 	}
 
-	p := &specs.Process{
-		Args:     append([]string{ec.Entrypoint}, ec.Args...),
-		Env:      ec.Env,
-		Terminal: ec.Tty,
-		Cwd:      ec.WorkingDir,
+	p := &specs.Process{}
+	if runtime.GOOS != "windows" {
+		container, err := d.containerdCli.LoadContainer(ctx, ec.ContainerID)
+		if err != nil {
+			return err
+		}
+		spec, err := container.Spec(ctx)
+		if err != nil {
+			return err
+		}
+		p = spec.Process
 	}
+	p.Args = append([]string{ec.Entrypoint}, ec.Args...)
+	p.Env = ec.Env
+	p.Cwd = ec.WorkingDir
+	p.Terminal = ec.Tty
+
 	if p.Cwd == "" {
 		p.Cwd = "/"
 	}
diff --git a/integration/container/exec_test.go b/integration/container/exec_test.go
index 214987bbae..c7603ebd00 100644
--- a/integration/container/exec_test.go
+++ b/integration/container/exec_test.go
@@ -117,3 +117,18 @@ func TestExec(t *testing.T) {
 	assert.Assert(t, is.Contains(out, "PWD=/tmp"), "exec command not running in expected /tmp working directory")
 	assert.Assert(t, is.Contains(out, "FOO=BAR"), "exec command not running with expected environment variable FOO")
 }
+
+func TestExecUser(t *testing.T) {
+	skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.39"), "broken in earlier versions")
+	skip.If(t, testEnv.OSType == "windows", "FIXME. Probably needs to wait for container to be in running state.")
+	defer setupTest(t)()
+	ctx := context.Background()
+	client := testEnv.APIClient()
+
+	cID := container.Run(t, ctx, client, container.WithTty(true), container.WithUser("1:1"))
+
+	result, err := container.Exec(ctx, client, cID, []string{"id"})
+	assert.NilError(t, err)
+
+	assert.Assert(t, is.Contains(result.Stdout(), "uid=1(daemon) gid=1(daemon)"), "exec command not running as uid/gid 1")
+}
diff --git a/integration/internal/container/ops.go b/integration/internal/container/ops.go
index 7bbf6cf0a2..700014abb2 100644
--- a/integration/internal/container/ops.go
+++ b/integration/internal/container/ops.go
@@ -143,3 +143,10 @@ func WithRestartPolicy(policy string) func(c *TestContainerConfig) {
 		c.HostConfig.RestartPolicy.Name = policy
 	}
 }
+
+// WithUser sets the user
+func WithUser(user string) func(c *TestContainerConfig) {
+	return func(c *TestContainerConfig) {
+		c.Config.User = user
+	}
+}