containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #17265 from rhatdan/devices 

Match VT device paths to be blocked from mounting exactly
This commit is contained in:
OpenShift Merge Robot 2023-01-30 02:22:42 -05:00 committed by GitHub
parent df2e83b2eb b0b166b5bb
commit 323b5158d9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 68 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
pkg/util/utils_linux.go
View File

@ -5,8 +5,9 @@ import (
"fmt" "fmt"
"io/fs" "io/fs"
"os" "os"
"path"
"path/filepath" "path/filepath"
"strconv"
"strings"
"syscall" "syscall"
"github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/libpod/define"
@ -70,20 +71,23 @@ func FindDeviceNodes() (map[string]string, error) {
return nodes, nil return nodes, nil
} }
func isVirtualConsoleDevice(device string) bool { // isVirtualConsoleDevice returns true if path is a virtual console device
// (/dev/tty\d+).
// The passed path must be clean (filepath.Clean).
func isVirtualConsoleDevice(path string) bool {
/* /*
Virtual consoles are of the form `/dev/tty\d+`, any other device such as Virtual consoles are of the form `/dev/tty\d+`, any other device such as
/dev/tty, ttyUSB0, or ttyACM0 should not be matched. /dev/tty, ttyUSB0, or ttyACM0 should not be matched.
See `man 4 console` for more information. See `man 4 console` for more information.
NOTE: Matching is done using path.Match even though a regular expression
would have been more accurate. This is because a regular
expression would have required pre-compilation, which would have
increase the startup time needlessly or made the code more complex
than needed.
*/ */
matched, _ := path.Match("/dev/tty[0-9]*", device) suffix := strings.TrimPrefix(path, "/dev/tty")
return matched if suffix == path || suffix == "" {
return false
}
// 16bit because, max. supported TTY devices is 512 in Linux 6.1.5.
_, err := strconv.ParseUint(suffix, 10, 16)
return err == nil
} }
func AddPrivilegedDevices(g *generate.Generator, systemdMode bool) error { func AddPrivilegedDevices(g *generate.Generator, systemdMode bool) error {

54
pkg/util/utils_linux_test.go Normal file
View File

@ -0,0 +1,54 @@
package util
import (
"testing"
)
func TestIsVirtualConsoleDevice(t *testing.T) {
testcases := []struct {
expectedResult bool
path string
}{
{
expectedResult: true,
path: "/dev/tty10",
},
{
expectedResult: false,
path: "/dev/tty",
},
{
expectedResult: false,
path: "/dev/ttyUSB0",
},
{
expectedResult: false,
path: "/dev/tty0abcd",
},
{
expectedResult: false,
path: "1234",
},
{
expectedResult: false,
path: "abc",
},
{
expectedResult: false,
path: " ",
},
{
expectedResult: false,
path: "",
},
}
for _, tc := range testcases {
t.Run(tc.path, func(t *testing.T) {
result := isVirtualConsoleDevice(tc.path)
if result != tc.expectedResult {
t.Errorf("isVirtualConsoleDevice returned %t, expected %t", result, tc.expectedResult)
}
})
}
}