vendor: update buildah to latest

Includes a fix for CVE-2024-9407

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Paul Holzinger
2024-10-02 11:29:28 +02:00
parent dde1c3d98c
commit 83a0299309
106 changed files with 1414 additions and 1115 deletions


@@ -1,5 +1,4 @@
//go:build linux
// +build linux
package bind
@@ -49,7 +48,7 @@ func SetupIntermediateMountNamespace(spec *specs.Spec, bundlePath string) (unmou
if err != nil {
return nil, fmt.Errorf("checking permissions on %q: %w", bundlePath, err)
}
if err = os.Chmod(bundlePath, info.Mode()|0111); err != nil {
if err = os.Chmod(bundlePath, info.Mode()|0o111); err != nil {
return nil, fmt.Errorf("loosening permissions on %q: %w", bundlePath, err)
}
@@ -116,7 +115,7 @@ func SetupIntermediateMountNamespace(spec *specs.Spec, bundlePath string) (unmou
// other unprivileged users outside of containers, shouldn't be able to
// access.
mnt := filepath.Join(bundlePath, "mnt")
if err = idtools.MkdirAndChown(mnt, 0100, idtools.IDPair{UID: int(rootUID), GID: int(rootGID)}); err != nil {
if err = idtools.MkdirAndChown(mnt, 0o100, idtools.IDPair{UID: int(rootUID), GID: int(rootGID)}); err != nil {
return unmountAll, fmt.Errorf("creating %q owned by the container's root user: %w", mnt, err)
}
@@ -129,7 +128,7 @@ func SetupIntermediateMountNamespace(spec *specs.Spec, bundlePath string) (unmou
// Create a bind mount for the root filesystem and add it to the list.
rootfs := filepath.Join(mnt, "rootfs")
if err = os.Mkdir(rootfs, 0000); err != nil {
if err = os.Mkdir(rootfs, 0o000); err != nil {
return unmountAll, fmt.Errorf("creating directory %q: %w", rootfs, err)
}
if err = unix.Mount(rootPath, rootfs, "", unix.MS_BIND|unix.MS_REC|unix.MS_PRIVATE, ""); err != nil {
@@ -160,13 +159,13 @@ func SetupIntermediateMountNamespace(spec *specs.Spec, bundlePath string) (unmou
if info.IsDir() {
// If the source is a directory, make one to use as the
// mount target.
if err = os.Mkdir(stage, 0000); err != nil {
if err = os.Mkdir(stage, 0o000); err != nil {
return unmountAll, fmt.Errorf("creating directory %q: %w", stage, err)
}
} else {
// If the source is not a directory, create an empty
// file to use as the mount target.
file, err := os.OpenFile(stage, os.O_WRONLY|os.O_CREATE, 0000)
file, err := os.OpenFile(stage, os.O_WRONLY|os.O_CREATE, 0o000)
if err != nil {
return unmountAll, fmt.Errorf("creating file %q: %w", stage, err)
}