podman/pkg/util
Giuseppe Scrivano 4d56292e7a
libpod: mount safely subpaths
add a function to securely mount a subpath inside a volume.  We cannot
trust that the subpath is safe since it is beneath a volume that could
be controlled by a separate container.  To avoid TOCTOU races between
when we check the subpath and when the OCI runtime mounts it, we open
the subpath, validate it, bind mount to a temporary directory and use
it instead of the original path.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2023-03-31 19:48:03 +02:00
camelcase Fix typos 2023-02-11 18:23:24 +01:00
filters.go prune filter handling 2022-07-25 09:28:26 -04:00
filters_test.go prune filter handling 2022-07-25 09:28:26 -04:00
kube.go play kube: Allow the user to import the contents of a tar file into a volume 2022-10-25 15:11:25 +03:00
mountOpts.go libpod: mount safely subpaths 2023-03-31 19:48:03 +02:00
mountOpts_linux.go Turn off 'noexec' option by default for named volumes 2020-05-20 16:48:20 -04:00
mountOpts_other.go go fmt: use go 1.18 conditional-build syntax 2022-03-18 09:11:53 +01:00
utils.go Merge pull request #16315 from flouthoc/remote-ignore-symlink 2023-03-28 23:23:07 +02:00
utils_darwin.go pkg: switch to golang native error wrapping 2022-07-08 08:54:47 +02:00
utils_freebsd.go pkg/util: Add pid information descriptors for FreeBSD 2022-10-17 15:33:04 +01:00
utils_linux.go Do not mount /dev/tty into rootless containers 2023-01-31 22:10:26 +02:00
utils_linux_test.go Match VT device paths to be blocked from mounting exactly 2023-01-28 05:18:40 -05:00
utils_supported.go Eval symlinks on XDG_RUNTIME_DIR 2022-10-28 14:32:39 -04:00
utils_test.go utils: new conversion method 2023-02-01 09:26:50 +01:00
utils_unsupported.go pkg: Build pkg/util on FreeBSD 2022-08-13 07:53:34 +01:00
utils_windows.go pkg: switch to golang native error wrapping 2022-07-08 08:54:47 +02:00