author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-02-03 17:36:36 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-02-03 17:36:36 -0500 |
commit | 82081e8112ab14d08815ac77b76a78d465e4c7b3 (patch) | |
tree | 2aaf7614f285e2f5e3794234d0aa67bb27781c1c /libpod | |
parent | c2a298ea933b7860c8c1f8fda8946a19d214152c (diff) | |
parent | f11aabd3e04aa68ddb35c3d1f90d50afb4d185c2 (diff) | |
Merge pull request #9225 from mheon/fix_CVE-2021-20199_30
Fix CVE-2021-20199 for Podman v3.0
Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/container_internal_linux.go | 4 | ||||
-rw-r--r-- | libpod/networking_linux.go | 10 |
2 files changed, 12 insertions, 2 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 9c5989d23..6c9489a08 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -1735,7 +1735,7 @@ func (c *Container) generateResolvConf() (string, error) {
 nameservers = resolvconf.GetNameservers(resolv.Content)
 // slirp4netns has a built in DNS server.
 if c.config.NetMode.IsSlirp4netns() {
- nameservers = append([]string{"10.0.2.3"}, nameservers...)
+ nameservers = append([]string{slirp4netnsDNS}, nameservers...)
 }
 }
@@ -1815,7 +1815,7 @@ func (c *Container) getHosts() string {
 if c.Hostname() != "" {
 if c.config.NetMode.IsSlirp4netns() {
 // When using slirp4netns, the interface gets a static IP
- hosts += fmt.Sprintf("# used by slirp4netns\n%s\t%s %s\n", "10.0.2.100", c.Hostname(), c.config.Name)
+ hosts += fmt.Sprintf("# used by slirp4netns\n%s\t%s %s\n", slirp4netnsIP, c.Hostname(), c.config.Name)
 } else {
 hasNetNS := false
 netNone := false
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 94b8563fe..ffd39dfa9 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -35,6 +35,15 @@ import (
 "golang.org/x/sys/unix"
 )
+const (
+ // slirp4netnsIP is the IP used by slirp4netns to configure the tap device
+ // inside the network namespace.
+ slirp4netnsIP = "10.0.2.100"
+
+ // slirp4netnsDNS is the IP for the built-in DNS server in the slirp network
+ slirp4netnsDNS = "10.0.2.3"
+)
+
 // Get an OCICNI network config
 func (r *Runtime) getPodNetwork(id, name, nsPath string, networks []string, ports []ocicni.PortMapping, staticIP net.IP, staticMAC net.HardwareAddr, netDescriptions ContainerNetworkDescriptions) ocicni.PodNetwork {
 var networkKey string
@@ -547,6 +556,7 @@ func (r *Runtime) setupRootlessPortMappingViaRLK(ctr *Container, netnsPath strin
 ExitFD: 3,
 ReadyFD: 4,
 TmpDir: ctr.runtime.config.Engine.TmpDir,
+ ChildIP: slirp4netnsIP,
 }
 cfgJSON, err := json.Marshal(cfg)
 if err != nil { |
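Review bot: The added `ChildIP: slirp4netnsIP,` field in setupRootlessPortMappingViaRLK is the security-relevant line of this fix, yet it has no comment saying why it is set, so a later cleanup could remove it without anyone noticing the regression. I would put above it `// Forward to the container's slirp4netns address rather than loopback, so forwarded connections do not appear to come from 127.0.0.1 (CVE-2021-20199).` The value is the fixed constant `10.0.2.100` from the new const block; if the slirp4netns subnet can be overridden by configuration elsewhere (not visible in these hunks), the constant would no longer match the tap address, so deriving the address from the configured subnet would be safer. The const comments could also say these are the addresses in slirp4netns's default subnet. The function body starts and ends outside the hunk.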