opencontainers/runc
1
0
Fork 0
mirror of https://github.com/opencontainers/runc.git synced 2025-08-05 14:35:47 +03:00
Code Activity

cgroupv2: use SecureJoin in systemd driver

Browse Source 
It seems that some paths are coming from user and are therefore
untrusted.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This commit is contained in:
Kir Kolyshkin
2020-04-05 20:12:20 -07:00
parent 9c80cd672d
commit 88c13c0713
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
libcontainer/cgroups/systemd/unified_hierarchy.go
View File

@@ -13,6 +13,7 @@ import (
"time" "time"
systemdDbus "github.com/coreos/go-systemd/v22/dbus" systemdDbus "github.com/coreos/go-systemd/v22/dbus"
securejoin "github.com/cyphar/filepath-securejoin"
"github.com/opencontainers/runc/libcontainer/cgroups" "github.com/opencontainers/runc/libcontainer/cgroups"
"github.com/opencontainers/runc/libcontainer/cgroups/fs2" "github.com/opencontainers/runc/libcontainer/cgroups/fs2"
"github.com/opencontainers/runc/libcontainer/configs" "github.com/opencontainers/runc/libcontainer/configs"
@@ -213,7 +214,13 @@ func (m *UnifiedManager) GetUnifiedPath() (string, error) {
return "", err return "", err
} }
m.path = filepath.Join(fs2.UnifiedMountpoint, slice, getUnitName(c)) path := filepath.Join(slice, getUnitName(c))
path, err = securejoin.SecureJoin(fs2.UnifiedMountpoint, path)
if err != nil {
return "", err
}
m.path = path
return m.path, nil return m.path, nil
} }