libpod/networking_linux.go: switch to sha256 hashes

SHA-1 is prone to collisions. This will likely break connectivity between old containers started before update and containers started after update. It will also fail to cleanup old netns. A reboot will fix this, so a reboot is recommended after update. [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org> (cherry picked from commit 44642bee8720c0a19c97c6e116d725fd5f95daad) Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2025-05-17 23:26:08 +08:00 · 2022-04-22 13:36:18 -04:00
parent 94aa32943a
commit cb036e5ef7
1 changed files with 2 additions and 2 deletions
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@ -4,7 +4,7 @@ package libpod

 import (
 	"crypto/rand"
-	"crypto/sha1"
+	"crypto/sha256"
 	"fmt"
 	"io/ioutil"
 	"net"
@ -398,7 +398,7 @@ func (r *Runtime) GetRootlessNetNs(new bool) (*RootlessNetNS, error) {
 	// the cleanup will check if there are running containers
 	// if you run a several libpod instances with different root/runroot directories this check will fail
 	// we want one netns for each libpod static dir so we use the hash to prevent name collisions
-	hash := sha1.Sum([]byte(r.config.Engine.StaticDir))
+	hash := sha256.Sum256([]byte(r.config.Engine.StaticDir))
 	netnsName := fmt.Sprintf("%s-%x", rootlessNetNsName, hash[:10])

 	path := filepath.Join(nsDir, netnsName)