diff options
author | Matthew Heon <matthew.heon@pm.me> | 2020-02-10 13:37:38 -0500 |
---|---|---|
committer | Matthew Heon <mheon@redhat.com> | 2020-02-12 10:58:42 -0500 |
commit | c140ecdc9b416ab4efd4d21d14acd63b6adbdd42 (patch) | |
tree | f8f14e2f0f5ef65e4545a1e3c7a97631bf6574c9 /test/e2e/run_volume_test.go | |
parent | e57253d06841d7a128ef760f8c47acf4b59157df (diff) | |
download | podman-c140ecdc9b416ab4efd4d21d14acd63b6adbdd42.tar.gz podman-c140ecdc9b416ab4efd4d21d14acd63b6adbdd42.tar.bz2 podman-c140ecdc9b416ab4efd4d21d14acd63b6adbdd42.zip |
Do not copy up when volume is not empty
When Docker performs a copy up, it first verifies that the volume
being copied into is empty; thus, for volumes that have been
modified elsewhere (e.g. manually copying into then), the copy up
will not be performed at all. Duplicate this behavior in Podman
by checking if the volume is empty before copying.
Furthermore, move setting copyup to false further up. This will
prevent a potential race where copy up could happen more than
once if Podman was killed after some files had been copied but
before the DB was updated.
This resolves CVE-2020-1726.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Diffstat (limited to 'test/e2e/run_volume_test.go')
-rw-r--r-- | test/e2e/run_volume_test.go | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go index 0c2389e40..46c27dc2e 100644 --- a/test/e2e/run_volume_test.go +++ b/test/e2e/run_volume_test.go @@ -397,4 +397,28 @@ var _ = Describe("Podman run with volumes", func() { volMount.WaitWithDefaultTimeout() Expect(volMount.ExitCode()).To(Not(Equal(0))) }) + + It("Podman fix for CVE-2020-1726", func() { + volName := "testVol" + volCreate := podmanTest.Podman([]string{"volume", "create", volName}) + volCreate.WaitWithDefaultTimeout() + Expect(volCreate.ExitCode()).To(Equal(0)) + + volPath := podmanTest.Podman([]string{"volume", "inspect", "--format", "{{.Mountpoint}}", volName}) + volPath.WaitWithDefaultTimeout() + Expect(volPath.ExitCode()).To(Equal(0)) + path := volPath.OutputToString() + + fileName := "thisIsATestFile" + file, err := os.Create(filepath.Join(path, fileName)) + Expect(err).To(BeNil()) + defer file.Close() + + runLs := podmanTest.Podman([]string{"run", "-t", "-i", "--rm", "-v", fmt.Sprintf("%v:/etc/ssl", volName), ALPINE, "ls", "-1", "/etc/ssl"}) + runLs.WaitWithDefaultTimeout() + Expect(runLs.ExitCode()).To(Equal(0)) + outputArr := runLs.OutputToStringArray() + Expect(len(outputArr)).To(Equal(1)) + Expect(strings.Contains(outputArr[0], fileName)).To(BeTrue()) + }) }) |