opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-10-20 04:34:01 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
podman/pkg/specgen/generate
History
Matt Heon 0f18a0144a Do not include image annotations when building spec 
These annotations can have security implications - crun, for
example, allows rootless containers to preserve the user's groups
through an annotation. We absolutely should not include
annotations from an untrusted image off the internet by default.

We may consider whitelisting some annotations (e.g. the legacy
WASM annotations), but given that there is now a more explicit
way of specifying an image uses the WASM runtime in the OCI image
spec, I'm just tearing this out entirely for now.

Signed-off-by: Matt Heon <mheon@redhat.com>
2023-05-22 17:41:19 +00:00
..
kube
chore: replace github.com/ghodss/yaml with sigs.k8s.io/yaml
2023-04-06 21:11:17 +08:00
config_linux_cgo.go
Replace deprecated ioutil
2022-09-20 15:34:27 -04:00
config_linux_nocgo.go
go fmt: use go 1.18 conditional-build syntax
2022-03-18 09:11:53 +01:00
config_linux_test.go
Add filepath glob support to --security-opt unmask
2021-05-04 14:40:43 -04:00
config_linux.go
specgen: support CDI devices from containers.conf
2022-11-25 11:44:38 +01:00
container_create.go
Add support for cgroup_config from containers.conf
2023-04-01 11:12:13 -04:00
container.go
Do not include image annotations when building spec
2023-05-22 17:41:19 +00:00
namespaces_freebsd.go
Fix stutters
2022-09-10 07:52:00 -04:00
namespaces_linux.go
Stop recording annotations set to false
2022-12-19 16:07:33 -05:00
namespaces_unsupported.go
specgen/generate: Add support for FreeBSD
2022-08-30 11:24:57 +01:00
namespaces.go
libpod: allow userns=keep-id for root
2023-02-03 12:44:30 +01:00
oci_freebsd.go
Stop recording annotations set to false
2022-12-19 16:07:33 -05:00
oci_linux.go
Fix typos
2023-02-11 18:23:24 +01:00
oci_unsupported.go
specgen/generate: Add support for FreeBSD
2022-08-30 11:24:57 +01:00
oci.go
specgen/generate: Move SpecGenToOCI, WeightDevices to oci_linux.go and add stubs.
2022-08-30 11:23:58 +01:00
pause_image.go
Replace deprecated ioutil
2022-09-20 15:34:27 -04:00
pod_create_test.go
Allow namespace path network option for pods.
2022-11-04 11:26:06 +01:00
pod_create.go
Support sysctl configs via podman kube play
2023-02-16 19:06:38 +05:30
ports_bench_test.go
fix a number of errcheck issues
2022-03-22 13:15:28 +01:00
ports_test.go
bump golangci-lint to v1.50.1
2022-12-15 13:39:56 +01:00
ports.go
Fixes port collision issue on use of --publish-all
2023-01-30 14:52:57 -07:00
rlimit_int64.go
pkg/specgen: Add stubs for non-linux builds
2022-08-15 10:45:23 +01:00
rlimit_uint64.go
pkg/specgen: Add stubs for non-linux builds
2022-08-15 10:45:23 +01:00
security_freebsd.go
specgen/generate: Add support for FreeBSD
2022-08-30 11:24:57 +01:00
security_linux.go
specgen/generate: Move security.go to security_linux.go and add stubs
2022-08-29 13:06:15 +01:00
security_unsupported.go
specgen/generate: Add support for FreeBSD
2022-08-30 11:24:57 +01:00
storage.go
Add containers.conf read-only flag support
2022-12-22 11:57:28 -05:00
validate.go
Replace deprecated ioutil
2022-09-20 15:34:27 -04:00