Update to runc 1.1.12
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
This commit is contained in:
Davanum Srinivas
37
vendor/github.com/opencontainers/runc/libcontainer/setns_init_linux.go
generated
vendored
37
vendor/github.com/opencontainers/runc/libcontainer/setns_init_linux.go
generated
vendored
@@ -4,6 +4,7 @@ import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"os"
|
||||
"os/exec"
|
||||
"strconv"
|
||||
|
||||
"github.com/opencontainers/selinux/go-selinux"
|
||||
@@ -14,6 +15,7 @@ import (
|
||||
"github.com/opencontainers/runc/libcontainer/keys"
|
||||
"github.com/opencontainers/runc/libcontainer/seccomp"
|
||||
"github.com/opencontainers/runc/libcontainer/system"
|
||||
"github.com/opencontainers/runc/libcontainer/utils"
|
||||
)
|
||||
|
||||
// linuxSetnsInit performs the container's initialization for running a new process
|
||||
@@ -82,6 +84,21 @@ func (l *linuxSetnsInit) Init() error {
|
||||
if err := apparmor.ApplyProfile(l.config.AppArmorProfile); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Check for the arg before waiting to make sure it exists and it is
|
||||
// returned as a create time error.
|
||||
name, err := exec.LookPath(l.config.Args[0])
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// exec.LookPath in Go < 1.20 might return no error for an executable
|
||||
// residing on a file system mounted with noexec flag, so perform this
|
||||
// extra check now while we can still return a proper error.
|
||||
// TODO: remove this once go < 1.20 is not supported.
|
||||
if err := eaccess(name); err != nil {
|
||||
return &os.PathError{Op: "eaccess", Path: name, Err: err}
|
||||
}
|
||||
|
||||
// Set seccomp as close to execve as possible, so as few syscalls take
|
||||
// place afterward (reducing the amount of syscalls that users need to
|
||||
// enable in their seccomp profiles).
|
||||
@@ -101,5 +118,23 @@ func (l *linuxSetnsInit) Init() error {
|
||||
return &os.PathError{Op: "close log pipe", Path: "fd " + strconv.Itoa(l.logFd), Err: err}
|
||||
}
|
||||
|
||||
return system.Execv(l.config.Args[0], l.config.Args[0:], os.Environ())
|
||||
// Close all file descriptors we are not passing to the container. This is
|
||||
// necessary because the execve target could use internal runc fds as the
|
||||
// execve path, potentially giving access to binary files from the host
|
||||
// (which can then be opened by container processes, leading to container
|
||||
// escapes). Note that because this operation will close any open file
|
||||
// descriptors that are referenced by (*os.File) handles from underneath
|
||||
// the Go runtime, we must not do any file operations after this point
|
||||
// (otherwise the (*os.File) finaliser could close the wrong file). See
|
||||
// CVE-2024-21626 for more information as to why this protection is
|
||||
// necessary.
|
||||
//
|
||||
// This is not needed for runc-dmz, because the extra execve(2) step means
|
||||
// that all O_CLOEXEC file descriptors have already been closed and thus
|
||||
// the second execve(2) from runc-dmz cannot access internal file
|
||||
// descriptors from runc.
|
||||
if err := utils.UnsafeCloseFrom(l.config.PassedFilesCount + 3); err != nil {
|
||||
return err
|
||||
}
|
||||
return system.Exec(name, l.config.Args[0:], os.Environ())
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user