authorQi Wang <qiwan@redhat.com>2020-07-31 10:17:08 -0400
committerQi Wang <qiwan@redhat.com>2020-08-04 15:09:17 -0400
commit34e82f81bdbdd26b82501bc2d27d18aaab5747dd (patch)
treeed55fcaa4134fd868af07ff981af5d0eb5e4c809 /cmd/podman
parentd4cf3c589d09dd395a3b63e82f5a5c198535cb46 (diff)
validate fds --preserve-fds
validate file descriptors passed from podman run and podman exec --preserve-fds. Signed-off-by: Qi Wang <qiwan@redhat.com>
Diffstat (limited to 'cmd/podman')
-rw-r--r--cmd/podman/containers/exec.go7
-rw-r--r--cmd/podman/containers/run.go5
2 files changed, 12 insertions, 0 deletions
diff --git a/cmd/podman/containers/exec.go b/cmd/podman/containers/exec.go
index da450054f..e301ca588 100644
--- a/cmd/podman/containers/exec.go
+++ b/cmd/podman/containers/exec.go
@@ -10,6 +10,7 @@ import (
"github.com/containers/podman/v2/libpod/define"
"github.com/containers/podman/v2/pkg/domain/entities"
envLib "github.com/containers/podman/v2/pkg/env"
+ "github.com/containers/podman/v2/pkg/rootless"
"github.com/pkg/errors"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
@@ -110,6 +111,12 @@ func exec(_ *cobra.Command, args []string) error {
execOpts.Envs = envLib.Join(execOpts.Envs, cliEnv)
+ for fd := 3; fd < int(3+execOpts.PreserveFDs); fd++ {
+ if !rootless.IsFdInherited(fd) {
+ return errors.Errorf("file descriptor %d is not available - the preserve-fds option requires that file descriptors must be passed", fd)
+ }
+ }
+
if !execDetach {
streams := define.AttachStreams{}
streams.OutputStream = os.Stdout
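Review bot: The loop bound `int(3+execOpts.PreserveFDs)` adds in the option's own type before converting, so if PreserveFDs is an unsigned integer (its declaration is outside this hunk) a very large --preserve-fds value can wrap around or convert to a negative int. In that case the loop body never runs and the descriptor check is skipped entirely instead of rejecting the request. Counting in the option's type avoids this: `for i := uint(0); i < execOpts.PreserveFDs; i++ {` with `fd := 3 + int(i)` as the first statement of the body, which fails at the first descriptor that was not inherited. The identical loop and message are added to run.go with `runOpts.PreserveFDs` and have the same bound, so both call sites would be better served by one shared helper. The body of exec continues outside this hunk.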
diff --git a/cmd/podman/containers/run.go b/cmd/podman/containers/run.go
index d26aed826..43484e2e4 100644
--- a/cmd/podman/containers/run.go
+++ b/cmd/podman/containers/run.go
@@ -125,6 +125,11 @@ func run(cmd *cobra.Command, args []string) error {
if err := createInit(cmd); err != nil {
return err
}
+ for fd := 3; fd < int(3+runOpts.PreserveFDs); fd++ {
+ if !rootless.IsFdInherited(fd) {
+ return errors.Errorf("file descriptor %d is not available - the preserve-fds option requires that file descriptors must be passed", fd)
+ }
+ }
imageName := args[0]
if !cliVals.RootFS {