opencontainers/runc
1
0
Fork 0
mirror of https://github.com/opencontainers/runc.git synced 2025-08-01 05:06:52 +03:00
Code Activity

cgroupv2: use SecureJoin in systemd driver

Browse Source 
It seems that some paths are coming from user and are therefore
untrusted.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This commit is contained in:
Kir Kolyshkin
2020-04-05 20:12:20 -07:00
parent 9c80cd672d
commit 88c13c0713
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
libcontainer/cgroups/systemd/unified_hierarchy.go
View File

@ -13,6 +13,7 @@ import (
"time"
systemdDbus "github.com/coreos/go-systemd/v22/dbus"
securejoin "github.com/cyphar/filepath-securejoin"
"github.com/opencontainers/runc/libcontainer/cgroups"
"github.com/opencontainers/runc/libcontainer/cgroups/fs2"
"github.com/opencontainers/runc/libcontainer/configs"
@ -213,7 +214,13 @@ func (m *UnifiedManager) GetUnifiedPath() (string, error) {
return "", err
}
m.path = filepath.Join(fs2.UnifiedMountpoint, slice, getUnitName(c))
path := filepath.Join(slice, getUnitName(c))
path, err = securejoin.SecureJoin(fs2.UnifiedMountpoint, path)
if err != nil {
return "", err
}
m.path = path
return m.path, nil
}