diff options
author | Aditya Rajan <arajan@redhat.com> | 2021-11-30 14:15:53 +0530 |
---|---|---|
committer | Aditya Rajan <arajan@redhat.com> | 2021-11-30 15:44:10 +0530 |
commit | c80a2e4495f877bc0f6a522e99b511de6c0d525d (patch) | |
tree | cdddb70203a49f8f0a9a3789651e689d2b700e59 /test/e2e/build/Dockerfile.with-secret-verify-leak | |
parent | e7204178e175d8ad619faa626ba284c777886cd3 (diff) | |
download | podman-c80a2e4495f877bc0f6a522e99b511de6c0d525d.tar.gz podman-c80a2e4495f877bc0f6a522e99b511de6c0d525d.tar.bz2 podman-c80a2e4495f877bc0f6a522e99b511de6c0d525d.zip |
podman-remote: prevent leaking secret into image
Prevents temp secrets leaking into image by moving it away from context
directory to parent builder directory. Builder directory automatically
gets cleaned up when we are done with the build.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
Diffstat (limited to 'test/e2e/build/Dockerfile.with-secret-verify-leak')
-rw-r--r-- | test/e2e/build/Dockerfile.with-secret-verify-leak | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/test/e2e/build/Dockerfile.with-secret-verify-leak b/test/e2e/build/Dockerfile.with-secret-verify-leak new file mode 100644 index 000000000..0957ac6a6 --- /dev/null +++ b/test/e2e/build/Dockerfile.with-secret-verify-leak @@ -0,0 +1,3 @@ +FROM alpine +COPY * / +RUN --mount=type=secret,id=mysecret cat /run/secrets/mysecret |