diff options
| author | Lokesh Mandvekar <lsm5@fedoraproject.org> | 2022-04-22 13:36:18 -0400 | 
|---|---|---|
| committer | Lokesh Mandvekar <lsm5@fedoraproject.org> | 2022-04-22 16:31:43 -0400 | 
| commit | 44642bee8720c0a19c97c6e116d725fd5f95daad (patch) | |
| tree | b1e412993b519f5e64762621a6293f19713085c7 | |
| parent | 1a768dbc089c91dda7f552cb89134be9fa498136 (diff) | |
| download | podman-44642bee8720c0a19c97c6e116d725fd5f95daad.tar.gz podman-44642bee8720c0a19c97c6e116d725fd5f95daad.tar.bz2 podman-44642bee8720c0a19c97c6e116d725fd5f95daad.zip | |
libpod/networking_linux.go: switch to sha256 hashes
SHA-1 is prone to collisions.
This will likely break connectivity between old containers started
before update and containers started after update. It will also fail to
cleanup old netns. A reboot will fix this, so a reboot is recommended
after update.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
| -rw-r--r-- | libpod/networking_linux.go | 4 | 
1 files changed, 2 insertions, 2 deletions
| diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go index 41beaf41d..0db0896cf 100644 --- a/libpod/networking_linux.go +++ b/libpod/networking_linux.go @@ -5,7 +5,7 @@ package libpod  import (  	"crypto/rand" -	"crypto/sha1" +	"crypto/sha256"  	"fmt"  	"io/ioutil"  	"net" @@ -402,7 +402,7 @@ func (r *Runtime) GetRootlessNetNs(new bool) (*RootlessNetNS, error) {  	// the cleanup will check if there are running containers  	// if you run a several libpod instances with different root/runroot directories this check will fail  	// we want one netns for each libpod static dir so we use the hash to prevent name collisions -	hash := sha1.Sum([]byte(r.config.Engine.StaticDir)) +	hash := sha256.Sum256([]byte(r.config.Engine.StaticDir))  	netnsName := fmt.Sprintf("%s-%x", rootlessNetNsName, hash[:10])  	path := filepath.Join(nsDir, netnsName) | 
