check whether the user owns the specified XDG_RUNTIME_DIR. Hopefully
it will help catch errors when running in a "sudo -u" session that
uses the wrong value for XDG_RUNTIME_DIR.
Closes: https://github.com/containers/podman/issues/9114
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This mirrors the Docker and containerd changes, with the caveat that
because mount(2) is permitted under podman for all containers we
therefore add all of the v2 mount API syscalls as available to all
containers.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
The generate.go script used to fill the default seccomp profile file is
quite important as otherwise distributions will end up having outdated
seccomp filters even after a podman update.
This script comes from the Docker repo.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Several syscalls were enabled globally (SCMP_ACT_ALLOW without any
conditions for all containers), but also had conditional rules later in
the profile (likely inherited from Docker). The following syscalls do
not need special casing because they were globally enabled:
* clone, unshare, mount, umount, umount2 all had special CAP_SYS_ADMIN
restrictions but those don't make sense since they were also enabled
for all containers.
* reboot was permitted for CAP_SYS_BOOT and all containers.
* name_to_handle_at was permitted for CAP_SYS_ADMIN, CAP_SYS_NICE(?),
and all containers.
And certain syscalls had globally-enabled rules when they shouldn't
have:
* socket has special rules for CAP_AUDIT_WRITE but it also had a global
"allow unconditionally" rule. It turns out that libseccomp will
override unconditional rules with conditional ones but this is
somewhat of an implementation detail and it's much safer to remove
the rule and use the existing cases.
Now the only syscalls remaining with complicated rules (meaning they
appear more than once in the profile) are:
* sync_file_range2 which is architecture specific (though in principle
we could move it to enabled-without-rules because runc ignores
unknown syscalls).
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
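The duplicate-rule problem described above (a syscall allowed unconditionally and also covered by a conditional rule, so the effective policy rests on libseccomp precedence) can be caught before a profile ships. The following linter is an added example, not code from containers/common or Docker; it assumes only the OCI/Docker seccomp JSON layout (names, action, args, includes, excludes) and runs over a constructed sample profile.

```go
package main

import "encoding/json"
import "sort"

// Minimal view of an OCI/Docker-style seccomp rule; conditions stay raw.
type seccompRule struct {
	Names    []string                   `json:"names"`
	Action   string                     `json:"action"`
	Args     []json.RawMessage          `json:"args"`
	Includes map[string]json.RawMessage `json:"includes"`
	Excludes map[string]json.RawMessage `json:"excludes"`
}

// conditional: rule applies only under an arg, cap, arch or kernel condition.
func (r seccompRule) conditional() bool {
	return len(r.Args) > 0 || len(r.Includes) > 0 || len(r.Excludes) > 0
}

// shadowedSyscalls lists syscalls that have both an unconditional
// SCMP_ACT_ALLOW rule and a conditional rule, so the effective policy
// rests on libseccomp's rule precedence rather than on the profile text.
func shadowedSyscalls(data []byte) ([]string, error) {
	var p struct{ Syscalls []seccompRule `json:"syscalls"` }
	if err := json.Unmarshal(data, &p); err != nil {
		return nil, err
	}
	uncond, cond := map[string]bool{}, map[string]bool{}
	for _, r := range p.Syscalls {
		for _, n := range r.Names {
			if r.conditional() {
				cond[n] = true
			} else if r.Action == "SCMP_ACT_ALLOW" {
				uncond[n] = true
			}
		}
	}
	var out []string
	for n := range uncond {
		if cond[n] {
			out = append(out, n)
		}
	}
	sort.Strings(out) // map iteration order is random
	return out, nil
}

// Constructed sample: socket and mount are globally allowed and also carry
// a conditional rule; open is allowed exactly once.
const sampleProfile = `{"defaultAction":"SCMP_ACT_ERRNO","syscalls":[
 {"names":["open","socket","mount"],"action":"SCMP_ACT_ALLOW","args":[]},
 {"names":["socket"],"action":"SCMP_ACT_ALLOW","args":[{"index":0,"value":40,"op":"SCMP_CMP_NE"}]},
 {"names":["mount"],"action":"SCMP_ACT_ALLOW","args":[],"includes":{"caps":["CAP_SYS_ADMIN"]}}]}`
```

Running shadowedSyscalls over sampleProfile returns [mount socket]; a clean profile returns an empty list.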
This will allow users to configure the number of parallel copies that
the container engines are allowed to do. This allows users to configure
their systems to match their available network settings.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Fix a bug where, if the secret name was a prefix of an existing id, secrets would reject the new name.
Now, you can use the secret name as expected.
Example: if a secret with id "abcdefg" already exists:
Previously, it would error if you tried to create a secret with name "abc".
Now it allows you to do so.
Signed-off-by: Ashley Cui <acui@redhat.com>
Currently the difference between isRetryable and shouldRestart
is not clear in the function names, this simply makes them
more understandable.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Need to be able to get the default container environment
based on user provided functions on httpProxy and use
the environment from the host.
This way users can modify the environment from podman.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
syscall.ERESTART is not defined on Darwin, so move to
an unsupported package. While this would work on Windows,
this code most likely never will, so rather than complicate
code, I just left ERESTART on Windows as not supported.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This is the implementation of the backend of secrets. pkg/secrets takes a secret name and data and does these operations on that secret data: store, delete, lookup, and list, using a secretsmanager.
The first driver implemented here is a filedriver - where the data is stored unencrypted on disk in a file.
The secrets package can be easily expanded to use more drivers, as the package implements an interface to accept different drivers.
Signed-off-by: Ashley Cui <acui@redhat.com>