opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-10-11 08:15:25 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
podman/pkg
History
Paul Holzinger ca994186f0 kube play: don't follow volume symlinks onto the host 
For ConfigMap and Secret kube play volumes podman populates the data
from the yaml. However the volume content is not controlled by us and we
can be tricked following a symlink to a file on the host instead.

Fixes: CVE-2025-9566

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
(cherry picked from commit 43fbde4e665fe6cee6921868f04b7ccd3de5ad89)
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-09-04 16:19:25 +02:00
..
annotations
update golangci-lint to 1.60.1
2024-08-19 11:41:28 +02:00
api
feat: add Podman artifact support to Go bindings and remote clients
2025-08-08 09:21:45 -04:00
auth
Update CI to run Windows unit tests
2025-03-16 13:40:16 +00:00
autoupdate
podman auto-update: include container in invalid policy message
2025-07-14 14:34:22 +02:00
bindings
feat: add Podman artifact support to Go bindings and remote clients
2025-08-08 09:21:45 -04:00
channel
bump golangci-lint to v1.50.1
2022-12-15 13:39:56 +01:00
checkpoint
Enable pod restore with crun
2024-10-21 17:37:20 +01:00
copy
Fix windows path handling in podman cp
2025-04-08 15:23:08 -07:00
criu
chore: delete obsolete // +build lines
2024-01-04 11:53:38 +02:00
ctime
update golangci/golangci-lint to v1.63.4
2025-01-07 15:48:53 +01:00
domain
kube play: don't follow volume symlinks onto the host
2025-09-04 16:19:25 +02:00
emulation
pkg/emulation.parseBinfmtMisc(): accept empty "flags" fields
2025-07-23 15:53:39 -04:00
env
update golangci/golangci-lint to v1.63.4
2025-01-07 15:48:53 +01:00
errorhandling
pkg/errorhandling: remove deadcode
2025-06-26 19:37:14 +02:00
farm
pkg/farm: remove deadcode
2025-06-26 19:37:14 +02:00
fileserver
pkg/fileserver: remove deadcode
2025-06-26 19:37:15 +02:00
inspect
Bump Go module to v5
2024-02-08 09:35:39 -05:00
k8s.io
Pod YAML: Add support for lifecycle.stopSignal
2025-06-23 08:23:31 -04:00
libartifact
feat: add Podman artifact support to Go bindings and remote clients
2025-08-08 09:21:45 -04:00
logiface
Initial implementation of podman quadlet commands
2025-07-18 13:57:11 -07:00
lookup
Cease using deprecated runc userlookup
2024-02-02 11:02:43 -05:00
machine
windows: do not convert unconfined seccomp path
2025-08-21 11:56:47 +00:00
namespaces
pkg/namespaces: remove deadcode
2025-06-26 19:37:15 +02:00
parallel
pkg/parallel: remove deadcode
2025-06-26 19:37:15 +02:00
pidhandle
Verify the ExecSession pid before killing it.
2025-05-06 06:24:13 +02:00
ps
add filter for container command
2025-03-02 19:47:44 +02:00
rctl
pkg/rctl: fix fprintf statement
2025-03-31 12:27:55 -07:00
rootless
pkg/rootless: remove deadcode
2025-06-26 19:37:16 +02:00
seccomp
pkg: switch to golang native error wrapping
2022-07-08 08:54:47 +02:00
selinux
signal
pkg/signal: ignore SIGTOP for signal proxy
2025-04-30 19:43:13 +02:00
specgen
Clarifies error message when using an improperly formatted secret with kube
2025-07-10 12:19:28 -04:00
specgenutil
windows: do not convert unconfined seccomp path
2025-08-21 11:56:47 +00:00
specgenutilexternal
Allow not specifying type with --mount flag
2025-05-30 14:47:13 -04:00
syncmap
Add syncmap package and use it for graph stop/remove
2025-02-17 14:32:34 -05:00
systemd
Initial implementation of podman quadlet commands
2025-07-18 13:57:11 -07:00
terminal
Fix Lint on Windows and enable the job
2024-02-20 08:06:18 -05:00
trust
go1.23: use std maps package
2025-03-11 17:21:24 +01:00
util
Merge pull request #26238 from ArthurWuTW/26102
2025-07-04 10:55:02 +00:00