summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthew Heon <matthew.heon@pm.me>2019-05-28 13:11:55 -0400
committerMatthew Heon <matthew.heon@pm.me>2019-05-29 22:53:50 -0400
commit49dc18552a13ee76dc012c35ff073ed07aaeb05b (patch)
treede277e6e99da208a73ab1eacc3b9a81053d92adf
parent7b7d54242c2aa0846766f2063e3bd4fe72999a3b (diff)
downloadpodman-49dc18552a13ee76dc012c35ff073ed07aaeb05b.tar.gz
podman-49dc18552a13ee76dc012c35ff073ed07aaeb05b.tar.bz2
podman-49dc18552a13ee76dc012c35ff073ed07aaeb05b.zip
Pause containers while copying into them
Should fix CVE-2018-15664 for Podman. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
-rw-r--r--cmd/podman/cliconfig/create.go1
-rw-r--r--cmd/podman/cp.go18
2 files changed, 16 insertions, 3 deletions
diff --git a/cmd/podman/cliconfig/create.go b/cmd/podman/cliconfig/create.go
index 49ab3d827..5fb2eed10 100644
--- a/cmd/podman/cliconfig/create.go
+++ b/cmd/podman/cliconfig/create.go
@@ -24,4 +24,5 @@ type BuildValues struct {
type CpValues struct {
PodmanCommand
Extract bool
+ Pause bool
}
diff --git a/cmd/podman/cp.go b/cmd/podman/cp.go
index 5addf88d3..7092da5e7 100644
--- a/cmd/podman/cp.go
+++ b/cmd/podman/cp.go
@@ -50,6 +50,7 @@ func init() {
cpCommand.Command = _cpCommand
flags := cpCommand.Flags()
flags.BoolVar(&cpCommand.Extract, "extract", false, "Extract the tar file into the destination directory.")
+ flags.BoolVar(&cpCommand.Pause, "pause", true, "Pause the container while copying")
cpCommand.SetHelpTemplate(HelpTemplate())
cpCommand.SetUsageTemplate(UsageTemplate())
rootCmd.AddCommand(cpCommand.Command)
@@ -67,11 +68,10 @@ func cpCmd(c *cliconfig.CpValues) error {
}
defer runtime.Shutdown(false)
- extract := c.Flag("extract").Changed
- return copyBetweenHostAndContainer(runtime, args[0], args[1], extract)
+ return copyBetweenHostAndContainer(runtime, args[0], args[1], c.Extract, c.Pause)
}
-func copyBetweenHostAndContainer(runtime *libpod.Runtime, src string, dest string, extract bool) error {
+func copyBetweenHostAndContainer(runtime *libpod.Runtime, src string, dest string, extract bool, pause bool) error {
srcCtr, srcPath := parsePath(runtime, src)
destCtr, destPath := parsePath(runtime, dest)
@@ -94,6 +94,18 @@ func copyBetweenHostAndContainer(runtime *libpod.Runtime, src string, dest strin
return err
}
defer ctr.Unmount(false)
+
+ if pause {
+ if err := ctr.Pause(); err != nil {
+ return err
+ }
+ defer func() {
+ if err := ctr.Unpause(); err != nil {
+ logrus.Errorf("Error unpausing container after copying: %v", err)
+ }
+ }()
+ }
+
user, err := getUser(mountPoint, ctr.User())
if err != nil {
return err