authorLokesh Mandvekar <lsm5@fedoraproject.org>2022-04-22 13:36:18 -0400
committerLokesh Mandvekar <lsm5@fedoraproject.org>2022-04-22 16:31:43 -0400
commit44642bee8720c0a19c97c6e116d725fd5f95daad (patch)
treeb1e412993b519f5e64762621a6293f19713085c7
parent1a768dbc089c91dda7f552cb89134be9fa498136 (diff)
libpod/networking_linux.go: switch to sha256 hashes
SHA-1 is prone to collisions. This will likely break connectivity between old containers started before the update and containers started after the update. It will also fail to clean up old netns. A reboot will fix this, so a reboot is recommended after the update. [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
-rw-r--r--libpod/networking_linux.go4
1 files changed, 2 insertions, 2 deletions
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 41beaf41d..0db0896cf 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -5,7 +5,7 @@ package libpod
import (
"crypto/rand"
- "crypto/sha1"
+ "crypto/sha256"
"fmt"
"io/ioutil"
"net"
@@ -402,7 +402,7 @@ func (r *Runtime) GetRootlessNetNs(new bool) (*RootlessNetNS, error) {
// the cleanup will check if there are running containers
// if you run a several libpod instances with different root/runroot directories this check will fail
// we want one netns for each libpod static dir so we use the hash to prevent name collisions
- hash := sha1.Sum([]byte(r.config.Engine.StaticDir))
+ hash := sha256.Sum256([]byte(r.config.Engine.StaticDir))
netnsName := fmt.Sprintf("%s-%x", rootlessNetNsName, hash[:10])
path := filepath.Join(nsDir, netnsName)
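Review bot: The `hash[:10]` slice on the `netnsName` line still keeps only 10 bytes (80 bits) of the digest, so the collision margin of the generated name is set by that truncation rather than by the move to SHA-256. The hashed value is `r.config.Engine.StaticDir`, which looks like local configuration rather than attacker-supplied data, so the short prefix is presumably acceptable, but the existing comment does not say that the digest is only a naming aid. I would add above the `hash :=` line: `// not a security boundary: the digest only derives a stable per-StaticDir name; changing the algorithm or the 10-byte truncation renames the netns`. The body of GetRootlessNetNs starts and ends outside this hunk.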