pod/container create: resolve conflicts of generated names
Address the TOCTOU when generating random names by having at most 10 attempts to assign a random name when creating a pod or container. [NO TESTS NEEDED] since I do not know a way to force a conflict with randomly generated names in a reasonable time frame. Fixes: #11735 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
@ -43,18 +43,6 @@ func (r *Runtime) NewPod(ctx context.Context, p specgen.PodSpecGenerator, option
|
||||
}
|
||||
}
|
||||
|
||||
if pod.config.Name == "" {
|
||||
name, err := r.generateName()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
pod.config.Name = name
|
||||
}
|
||||
|
||||
if p.InfraContainerSpec != nil && p.InfraContainerSpec.Hostname == "" {
|
||||
p.InfraContainerSpec.Hostname = pod.config.Name
|
||||
}
|
||||
|
||||
// Allocate a lock for the pod
|
||||
lock, err := r.lockManager.AllocateLock()
|
||||
if err != nil {
|
||||
@ -131,9 +119,33 @@ func (r *Runtime) NewPod(ctx context.Context, p specgen.PodSpecGenerator, option
|
||||
logrus.Infof("Pod has an infra container, but shares no namespaces")
|
||||
}
|
||||
|
||||
if err := r.state.AddPod(pod); err != nil {
|
||||
return nil, errors.Wrapf(err, "error adding pod to state")
|
||||
// Unless the user has specified a name, use a randomly generated one.
|
||||
// Note that name conflicts may occur (see #11735), so we need to loop.
|
||||
generateName := pod.config.Name == ""
|
||||
var addPodErr error
|
||||
for {
|
||||
if generateName {
|
||||
name, err := r.generateName()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
pod.config.Name = name
|
||||
}
|
||||
|
||||
if p.InfraContainerSpec != nil && p.InfraContainerSpec.Hostname == "" {
|
||||
p.InfraContainerSpec.Hostname = pod.config.Name
|
||||
}
|
||||
if addPodErr = r.state.AddPod(pod); addPodErr == nil {
|
||||
return pod, nil
|
||||
}
|
||||
if !generateName || (errors.Cause(addPodErr) != define.ErrPodExists && errors.Cause(addPodErr) != define.ErrCtrExists) {
|
||||
break
|
||||
}
|
||||
}
|
||||
if addPodErr != nil {
|
||||
return nil, errors.Wrapf(addPodErr, "error adding pod to state")
|
||||
}
|
||||
|
||||
return pod, nil
|
||||
}
|
||||
|
||||
|
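Review bot: On a retry the infra container hostname keeps the first generated name, because the `p.InfraContainerSpec.Hostname == ""` test inside the new `for` loop is only true on the first pass; after a conflict the pod is stored under the second name while the hostname still carries the one that collided. Decide once before the loop with `setHostname := p.InfraContainerSpec != nil && p.InfraContainerSpec.Hostname == ""`, and assign inside it under `if setHostname {`. The loop is also a bare `for {`, while the description promises at most 10 attempts; unless `generateName` (not visible here) enforces that bound, a counted header such as `for attempt := 0; attempt < 10; attempt++ {` would make it hold at this call site. NewPod starts outside the hunk, so any earlier use of the hostname cannot be checked from this page.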