author | Qi Wang <qiwan@redhat.com> | 2020-07-31 10:17:08 -0400 |
---|---|---|
committer | Qi Wang <qiwan@redhat.com> | 2020-08-04 15:09:17 -0400 |
commit | 34e82f81bdbdd26b82501bc2d27d18aaab5747dd (patch) | |
tree | ed55fcaa4134fd868af07ff981af5d0eb5e4c809 /pkg/rootless | |
parent | d4cf3c589d09dd395a3b63e82f5a5c198535cb46 (diff) | |
validate fds --preserve-fds
validate file descriptors passed from podman run and podman exec --preserve-fds.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Diffstat (limited to 'pkg/rootless')
-rw-r--r-- | pkg/rootless/rootless_linux.c | 10 | ||||
-rw-r--r-- | pkg/rootless/rootless_linux.go | 6 | ||||
-rw-r--r-- | pkg/rootless/rootless_unsupported.go | 5 |
3 files changed, 21 insertions, 0 deletions
diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c
index 0223c35ee..2e1fddc48 100644
--- a/pkg/rootless/rootless_linux.c
+++ b/pkg/rootless/rootless_linux.c
@@ -225,6 +225,16 @@ can_use_shortcut ()
 return ret;
 }
 
+int
+is_fd_inherited(int fd)
+{
+ if (open_files_set == NULL || fd > open_files_max_fd || fd < 0)
+ {
+ return 0;
+ }
+ return FD_ISSET(fd % FD_SETSIZE, &(open_files_set[fd / FD_SETSIZE])) ? 1 : 0;
+}
+
 static void __attribute__((constructor)) init()
 {
 const char *xdg_runtime_dir;
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index ccc8a1d94..c3f1fc7fa 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -32,6 +32,7 @@ extern uid_t rootless_gid();
 extern int reexec_in_user_namespace(int ready, char *pause_pid_file_path, char *file_to_read, int fd);
 extern int reexec_in_user_namespace_wait(int pid, int options);
 extern int reexec_userns_join(int pid, char *pause_pid_file_path);
+extern int is_fd_inherited(int fd);
 */
 import "C"
 
@@ -520,3 +521,8 @@ func ConfigurationMatches() (bool, error) {
 
 return matches(GetRootlessGID(), gids, currentGIDs), nil
 }
+
+// IsFdInherited checks whether the fd is opened and valid to use
+func IsFdInherited(fd int) bool {
+ return int(C.is_fd_inherited(C.int(fd))) > 0
+}
diff --git a/pkg/rootless/rootless_unsupported.go b/pkg/rootless/rootless_unsupported.go
index 1499b737f..7dfb4a4b2 100644
--- a/pkg/rootless/rootless_unsupported.go
+++ b/pkg/rootless/rootless_unsupported.go
@@ -64,3 +64,8 @@ func GetConfiguredMappings() ([]idtools.IDMap, []idtools.IDMap, error) {
 func ReadMappingsProc(path string) ([]idtools.IDMap, error) {
 return nil, nil
 }
+
+// IsFdInherited checks whether the fd is opened and valid to use
+func IsFdInherited(fd int) bool {
+ return false
+}
|
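Review bot: is_fd_inherited in rootless_linux.c has no comment, although the commit message says it is used to validate fds given to --preserve-fds, so its exact guarantees matter. It returns 0 for every fd when `open_files_set == NULL`; the code that builds the set is outside this hunk, so if the set can be left unallocated, every preserved fd would be rejected with nothing to distinguish that from a closed fd. The answer also comes from the recorded set, not from the live descriptor table, so an fd that was closed or reused after the set was built would presumably still pass. I would add above the function `/* Return 1 if FD was recorded in open_files_set, 0 otherwise (also when the set was never built); does not check that FD is still open. */`.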
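Review bot: The doc comment on IsFdInherited in rootless_linux.go promises that the fd "is opened and valid to use", which is more than the body checks: it only reports whether the C helper found the number in its recorded set. A caller validating --preserve-fds could read that as a liveness guarantee, so I would word it as `// IsFdInherited reports whether fd was recorded as inherited by the C startup code; it does not verify that fd is still open.` Separately, `C.int(fd)` narrows a Go `int` before the C-side range check runs, so on 64-bit builds a value above the C int range would be truncated and could alias a small, valid fd. A guard such as `if fd < 0 || fd > math.MaxInt32 { return false }` (needs the `math` import) closes that. The stub in rootless_unsupported.go reuses the same comment while always returning false, and should say so, because any caller gating on it will reject every fd on those platforms.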