github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Use RootPath for resolving path inside of an image

Browse Source 
Prevents unintentional lookup of host passwd file

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
This commit is contained in:
Derek McGowan 2017-08-25 13:10:39 -07:00
parent e4a77fcc0a
commit 44e266b7a7
No known key found for this signature in database
GPG Key ID: F58C5D0A4405ACDB
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
spec_opts_unix.go
View File

@ -16,6 +16,7 @@ import (
"github.com/containerd/containerd/containers"
"github.com/containerd/containerd/content"
"github.com/containerd/containerd/fs"
"github.com/containerd/containerd/images"
"github.com/containerd/containerd/namespaces"
"github.com/opencontainers/image-spec/identity"
@ -322,7 +323,11 @@ func WithUserID(uid uint32) SpecOpts {
}
}
defer unix.Unmount(root, 0)
f, err := os.Open(filepath.Join(root, "/etc/passwd"))
ppath, err := fs.RootPath(root, "/etc/passwd")
if err != nil {
return err
}
f, err := os.Open(ppath)
if err != nil {
return err
}
@ -370,7 +375,11 @@ func WithUsername(username string) SpecOpts {
}
}
defer unix.Unmount(root, 0)
f, err := os.Open(filepath.Join(root, "/etc/passwd"))
ppath, err := fs.RootPath(root, "/etc/passwd")
if err != nil {
return err
}
f, err := os.Open(ppath)
if err != nil {
return err
}