author | Qi Wang <qiwan@redhat.com> | 2020-07-31 10:17:08 -0400 |
---|---|---|
committer | Qi Wang <qiwan@redhat.com> | 2020-08-04 15:09:17 -0400 |
commit | 34e82f81bdbdd26b82501bc2d27d18aaab5747dd (patch) | |
tree | ed55fcaa4134fd868af07ff981af5d0eb5e4c809 /cmd | |
parent | d4cf3c589d09dd395a3b63e82f5a5c198535cb46 (diff) | |
validate fds --preserve-fds
validate file descriptors passed from podman run and podman exec --preserve-fds.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Diffstat (limited to 'cmd')
-rw-r--r-- | cmd/podman/containers/exec.go | 7 | ||||
-rw-r--r-- | cmd/podman/containers/run.go | 5 |
2 files changed, 12 insertions, 0 deletions
diff --git a/cmd/podman/containers/exec.go b/cmd/podman/containers/exec.go
index da450054f..e301ca588 100644
--- a/cmd/podman/containers/exec.go
+++ b/cmd/podman/containers/exec.go
@@ -10,6 +10,7 @@ import (
 "github.com/containers/podman/v2/libpod/define"
 "github.com/containers/podman/v2/pkg/domain/entities"
 envLib "github.com/containers/podman/v2/pkg/env"
+ "github.com/containers/podman/v2/pkg/rootless"
 "github.com/pkg/errors"
 "github.com/spf13/cobra"
 "github.com/spf13/pflag"
@@ -110,6 +111,12 @@ func exec(_ *cobra.Command, args []string) error {
 execOpts.Envs = envLib.Join(execOpts.Envs, cliEnv)
+ for fd := 3; fd < int(3+execOpts.PreserveFDs); fd++ {
+ if !rootless.IsFdInherited(fd) {
+ return errors.Errorf("file descriptor %d is not available - the preserve-fds option requires that file descriptors must be passed", fd)
+ }
+ }
+
 if !execDetach {
 streams := define.AttachStreams{}
 streams.OutputStream = os.Stdout
diff --git a/cmd/podman/containers/run.go b/cmd/podman/containers/run.go
index d26aed826..43484e2e4 100644
--- a/cmd/podman/containers/run.go
+++ b/cmd/podman/containers/run.go
@@ -125,6 +125,11 @@ func run(cmd *cobra.Command, args []string) error {
 if err := createInit(cmd); err != nil {
 return err
 }
+ for fd := 3; fd < int(3+runOpts.PreserveFDs); fd++ {
+ if !rootless.IsFdInherited(fd) {
+ return errors.Errorf("file descriptor %d is not available - the preserve-fds option requires that file descriptors must be passed", fd)
+ }
+ }
 imageName := args[0]
 if !cliVals.RootFS { |
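Review bot: The loop bound `int(3+execOpts.PreserveFDs)` in exec adds 3 in the option's own type before converting to int, so if PreserveFDs is an unsigned integer (its declaration is not in this hunk) a value close to the type's maximum wraps around, the bound drops below 3 and no descriptor is validated at all. Counting upwards from zero avoids the wrap: `for i := uint(0); i < execOpts.PreserveFDs; i++ {` with `fd := int(i) + 3` as the first line of the body. The same expression appears in the run.go hunk with `runOpts.PreserveFDs`. The body of exec continues outside the hunk.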
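Review bot: The loop in run and its error string are a copy of the one added to exec.go, so the two commands can drift apart the next time the check changes; a small helper in this package taking the count, for example `func validatePreserveFDs(n uint) error` (name suggested here, parameter type to match the field's), would keep a single copy. Neither copy says why the scan starts at 3 or what the check protects; a comment such as `// fds 0-2 are stdio; every preserved fd from 3 up must have been inherited from the caller, otherwise refuse to start` would record that. The body of run continues outside the hunk.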