While looking through the Moby source code was found /proc/asound to be shared
with containers as read-only.
This can lead to two information leaks.
---
**Leak of media playback status of the host**
Steps to reproduce the issue:
- Listen to music/Play a YouTube video/Do anything else that involves sound
output
- Execute docker run --rm ubuntu:latest bash -c "sleep 7; cat
/proc/asound/card*/pcm*p/sub*/status | grep state | cut -d ' ' -f2 | grep
RUNNING || echo 'not running'"
- See that the containerized process is able to check whether someone on the
host is playing music as it prints RUNNING
- Stop the music output
- Execute the command again (The sleep is delaying the output because
information regarding playback status isn't propagated instantly)
- See that it outputs not running
**Describe the results you received:**
A containerized process is able to gather information on the playback
status of an audio device governed by the host. Therefore a process of a
container is able to check whether and what kind of user activity is
present on the host system. Also, this may indicate whether a container
runs on a desktop system or a server as media playback rarely happens on
server systems.
The description above is in regard to media playback - when examining
`/proc/asound/card*/pcm*c/sub*/status` (`pcm*c` instead of `pcm*p`) this
can also leak information regarding capturing sound, as in recording
audio or making calls on the host system.
Reported-by: Philipp Schmied <pschmied@mailbox.org>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
In many cases code is calling errors.Wrapf with an arbitrary string
instead of a format string. This causes confusing errors when the
wrapped error message contains '%' characters.
This change replaces such calls with calls to errors.Wrap.
Signed-off-by: John Starks <jostarks@microsoft.com>
support checkpoint without committing a checkpoint dir into a
checkpoint image and restore without untar image into checkpoint
directory. support for both v1 and v2 runtime
Signed-off-by: Ace-Tang <aceapril@126.com>
Signed-off-by: John Howard <jhoward@microsoft.com>
Allows containerd.exe to run as a Windows service. eg
Register: `.\containerd.exe --register-service`
Start: `net start containerd`
...
Stop: `net stop containerd`
Unregister: `.\containerd.exe --unregister-service`
When running as a service, logs will go to the Windows application
event log.
add ImagePath and WorkPath for checkpoint process, add CriuImagePath
and CriuWorkPath for create process in runtime v2 protobuf
Signed-off-by: Ace-Tang <aceapril@126.com>
add ImagePath and WorkPath for checkpoint process, add CriuImagePath
and CriuWorkPath for create process in runtime v1 protobuf
Signed-off-by: Ace-Tang <aceapril@126.com>
when use `ctr t checkpoint`, runtime name should get from container
info, but not passed by flag, since task has already running with
specified runtime
Signed-off-by: Ace-Tang <aceapril@126.com>
