author | Matthew Heon <matthew.heon@pm.me> | 2019-05-28 13:11:55 -0400 |
---|---|---|
committer | Matthew Heon <matthew.heon@pm.me> | 2019-05-29 22:53:50 -0400 |
commit | 49dc18552a13ee76dc012c35ff073ed07aaeb05b (patch) | |
tree | de277e6e99da208a73ab1eacc3b9a81053d92adf | |
parent | 7b7d54242c2aa0846766f2063e3bd4fe72999a3b (diff) | |
Pause containers while copying into them
Should fix CVE-2018-15664 for Podman.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
-rw-r--r-- | cmd/podman/cliconfig/create.go | 1 | ||||
-rw-r--r-- | cmd/podman/cp.go | 18 |
2 files changed, 16 insertions, 3 deletions
diff --git a/cmd/podman/cliconfig/create.go b/cmd/podman/cliconfig/create.go
index 49ab3d827..5fb2eed10 100644
--- a/cmd/podman/cliconfig/create.go
+++ b/cmd/podman/cliconfig/create.go
@@ -24,4 +24,5 @@ type BuildValues struct {
 type CpValues struct {
 PodmanCommand
 Extract bool
+ Pause bool
 }
diff --git a/cmd/podman/cp.go b/cmd/podman/cp.go
index 5addf88d3..7092da5e7 100644
--- a/cmd/podman/cp.go
+++ b/cmd/podman/cp.go
@@ -50,6 +50,7 @@ func init() {
 cpCommand.Command = _cpCommand
 flags := cpCommand.Flags()
 flags.BoolVar(&cpCommand.Extract, "extract", false, "Extract the tar file into the destination directory.")
+ flags.BoolVar(&cpCommand.Pause, "pause", true, "Pause the container while copying")
 cpCommand.SetHelpTemplate(HelpTemplate())
 cpCommand.SetUsageTemplate(UsageTemplate())
 rootCmd.AddCommand(cpCommand.Command)
@@ -67,11 +68,10 @@ func cpCmd(c *cliconfig.CpValues) error {
 }
 defer runtime.Shutdown(false)
- extract := c.Flag("extract").Changed
- return copyBetweenHostAndContainer(runtime, args[0], args[1], extract)
+ return copyBetweenHostAndContainer(runtime, args[0], args[1], c.Extract, c.Pause)
 }
-func copyBetweenHostAndContainer(runtime *libpod.Runtime, src string, dest string, extract bool) error {
+func copyBetweenHostAndContainer(runtime *libpod.Runtime, src string, dest string, extract bool, pause bool) error {
 srcCtr, srcPath := parsePath(runtime, src)
 destCtr, destPath := parsePath(runtime, dest)
@@ -94,6 +94,18 @@ func copyBetweenHostAndContainer(runtime *libpod.Runtime, src string, dest strin
 return err
 }
 defer ctr.Unmount(false)
+
+ if pause {
+ if err := ctr.Pause(); err != nil {
+ return err
+ }
+ defer func() {
+ if err := ctr.Unpause(); err != nil {
+ logrus.Errorf("Error unpausing container after copying: %v", err)
+ }
+ }()
+ }
+
 user, err := getUser(mountPoint, ctr.User())
 if err != nil {
 return err |
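Review bot: The help string for `--pause` in init() does not say that pausing is what keeps the container's processes from changing paths while the copy resolves them, so `--pause=false` reads as a harmless convenience switch. Suggest `"Pause a running container while copying so its processes cannot modify paths during the copy (disabling this reopens CVE-2018-15664)"`, with the same caveat repeated wherever the flag is documented. init() begins outside the hunk.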
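Review bot: `ctr.Pause()` is called unconditionally when `pause` is set and its error aborts the copy, so with the default `--pause=true` a `podman cp` involving a container that is not running (or is already paused) would presumably fail here, where before this change it operated on the mounted filesystem. A container with no running processes cannot swap path components during the copy, so the pause and the deferred `Unpause` should apply only to a running container; that also avoids resuming a container the user had paused deliberately. The fence assumes `ctr.State()` and `libpod.ContainerStateRunning` are available in this tree. copyBetweenHostAndContainer starts before this hunk and continues past it.

```go
	if pause {
		// Only a running container can race the copy, and only a running
		// container can be paused; leave every other state untouched.
		state, err := ctr.State()
		if err != nil {
			return err
		}
		if state == libpod.ContainerStateRunning {
			if err := ctr.Pause(); err != nil {
				return err
			}
			// … unchanged: deferred ctr.Unpause() that logs on failure …
		}
	}
```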