zishuo/runc
1
0
Fork 0
mirror of https://github.com/opencontainers/runc.git synced 2025-10-10 09:50:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

deps: update to github.com/cyphar/filepath-securejoin@v0.4.1

Browse Source 
This release includes a minor breaking API change that requires us to
rework the types of our wrappers, but there is no practical behaviour
change.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
This commit is contained in:
Aleksa Sarai
2025-01-13 18:54:47 +11:00
parent 8702864454
commit 70e500e7d1
8 changed files with 136 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
libcontainer/utils/utils_unix.go
View File

@@ -287,9 +287,6 @@ func IsLexicallyInRoot(root, path string) bool {
// try to detect any symlink components in the path while we are doing the
// MkdirAll.
//
// NOTE: Unlike os.MkdirAll, mode is not Go's os.FileMode, it is the unix mode
// (the suid/sgid/sticky bits are not the same as for os.FileMode).
//
// NOTE: If unsafePath is a subpath of root, we assume that you have already
// called SecureJoin and so we use the provided path verbatim without resolving
// any symlinks (this is done in a way that avoids symlink-exchange races).
@@ -300,7 +297,7 @@ func IsLexicallyInRoot(root, path string) bool {
// handling if unsafePath has already been scoped within the rootfs (this is
// needed for a lot of runc callers and fixing this would require reworking a
// lot of path logic).
func MkdirAllInRootOpen(root, unsafePath string, mode uint32) (_ *os.File, Err error) {
func MkdirAllInRootOpen(root, unsafePath string, mode os.FileMode) (_ *os.File, Err error) {
// If the path is already "within" the root, get the path relative to the
// root and use that as the unsafe path. This is necessary because a lot of
// MkdirAllInRootOpen callers have already done SecureJoin, and refactoring
@@ -334,12 +331,12 @@ func MkdirAllInRootOpen(root, unsafePath string, mode uint32) (_ *os.File, Err e
}
defer rootDir.Close()
return securejoin.MkdirAllHandle(rootDir, unsafePath, int(mode))
return securejoin.MkdirAllHandle(rootDir, unsafePath, mode)
}
// MkdirAllInRoot is a wrapper around MkdirAllInRootOpen which closes the
// returned handle, for callers that don't need to use it.
func MkdirAllInRoot(root, unsafePath string, mode uint32) error {
func MkdirAllInRoot(root, unsafePath string, mode os.FileMode) error {
f, err := MkdirAllInRootOpen(root, unsafePath, mode)
if err == nil {
_ = f.Close()