authorValentin Rothberg <vrothberg@suse.com>2018-10-05 14:36:27 +0200
committerValentin Rothberg <vrothberg@suse.com>2018-10-05 17:28:18 +0200
commitd4eca12cc12734f2b578e1b1967d69889c21c487 (patch)
tree872d4e8270a2778a4c995d30cd3011682b1ebfb2 /cmd/podman/runlabel.go
parent094b8b73505cb084d632ebb08e2a014e68f5e1b1 (diff)
runlabel: execute /proc/self/exe and avoid recursion
Execute /proc/self/exe instead of podman. This makes the runlabel command more portable as it works for binaries outside the path as well as for local builds. Also, avoid redundantly executing the runlabel command by setting the PODMAN_RUNLABEL_NESTED environment variable to "1". Podman now checks for this variable before executing the runlabel command and will throw an error in case the variable is set. Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Diffstat (limited to 'cmd/podman/runlabel.go')
-rw-r--r--cmd/podman/runlabel.go9
1 files changed, 9 insertions, 0 deletions
diff --git a/cmd/podman/runlabel.go b/cmd/podman/runlabel.go
index c5dd98ee6..34e6b9093 100644
--- a/cmd/podman/runlabel.go
+++ b/cmd/podman/runlabel.go
@@ -94,6 +94,14 @@ func runlabelCmd(c *cli.Context) error {
newImage *image.Image
)
+ // Evil images could trick into recursively executing the runlabel
+ // command. Avoid this by setting the "PODMAN_RUNLABEL_NESTED" env
+ // variable when executing a label first.
+ nested := os.Getenv("PODMAN_RUNLABEL_NESTED")
+ if nested == "1" {
+ return fmt.Errorf("nested runlabel calls: runlabels cannot execute the runlabel command")
+ }
+
opts := make(map[string]string)
runtime, err := libpodruntime.GetRuntime(c)
if err != nil {
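Review bot: The guard added at the top of this hunk only works while `PODMAN_RUNLABEL_NESTED` is inherited by the child process, so it catches a label that re-invokes runlabel directly but not one whose command changes its environment before calling podman again. The comment currently reads as protection against hostile images; I would reword it to `// Best-effort guard against labels that re-invoke runlabel; relies on PODMAN_RUNLABEL_NESTED being inherited and is not a security boundary.` The error should also name the variable, so a user who has it set in their own shell can tell why the command refuses to run: `return fmt.Errorf("nested runlabel calls: PODMAN_RUNLABEL_NESTED is set; runlabels cannot execute the runlabel command")`. Only the exact value "1" is rejected, which matches what the second hunk appends to `env`, but that pairing is worth a one-line comment at the `append`. runlabelCmd starts and ends outside the hunk.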
@@ -177,6 +185,7 @@ func runlabelCmd(c *cli.Context) error {
cmd := shared.GenerateCommand(runLabel, imageName, c.String("name"))
env := shared.GenerateRunEnvironment(c.String("name"), imageName, opts)
+ env = append(env, "PODMAN_RUNLABEL_NESTED=1")
if !c.Bool("quiet") {
fmt.Printf("Command: %s\n", strings.Join(cmd, " "))