Giuseppe Scrivano 4d56292e7a libpod: mount safely subpaths ...

add a function to securely mount a subpath inside a volume.  We cannot
trust that the subpath is safe since it is beneath a volume that could
be controlled by a separate container.  To avoid TOCTOU races between
when we check the subpath and when the OCI runtime mounts it, we open
the subpath, validate it, bind mount to a temporary directory and use
it instead of the original path.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

2023-03-31 19:48:03 +02:00

..

camelcase

Fix typos

2023-02-11 18:23:24 +01:00

filters_test.go

prune filter handling

2022-07-25 09:28:26 -04:00

filters.go

prune filter handling

2022-07-25 09:28:26 -04:00

kube.go

play kube: Allow the user to import the contents of a tar file into a volume

2022-10-25 15:11:25 +03:00

mountOpts_linux.go

Turn off 'noexec' option by default for named volumes

2020-05-20 16:48:20 -04:00

mountOpts_other.go

go fmt: use go 1.18 conditional-build syntax

2022-03-18 09:11:53 +01:00

mountOpts.go

libpod: mount safely subpaths

2023-03-31 19:48:03 +02:00

utils_darwin.go

pkg: switch to golang native error wrapping

2022-07-08 08:54:47 +02:00

utils_freebsd.go

pkg/util: Add pid information descriptors for FreeBSD

2022-10-17 15:33:04 +01:00

utils_linux_test.go

Match VT device paths to be blocked from mounting exactly

2023-01-28 05:18:40 -05:00

utils_linux.go

Do not mount /dev/tty into rootless containers

2023-01-31 22:10:26 +02:00

utils_supported.go

Eval symlinks on XDG_RUNTIME_DIR

2022-10-28 14:32:39 -04:00

utils_test.go

utils: new conversion method

2023-02-01 09:26:50 +01:00

utils_unsupported.go

pkg: Build pkg/util on FreeBSD

2022-08-13 07:53:34 +01:00

utils_windows.go

pkg: switch to golang native error wrapping

2022-07-08 08:54:47 +02:00

utils.go

Merge pull request #16315 from flouthoc/remote-ignore-symlink

2023-03-28 23:23:07 +02:00