mirror of
https://github.com/containers/podman.git
synced 2025-10-20 12:43:58 +08:00

For ConfigMap and Secret kube play volumes podman populates the data from the yaml. However the volume content is not controlled by us and we can be tricked following a symlink to a file on the host instead. Fixes: CVE-2025-9566 Fixes: https://issues.redhat.com/browse/RHEL-113140, https://issues.redhat.com/browse/RHEL-113151 Signed-off-by: Paul Holzinger <pholzing@redhat.com> Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>