From f77d846536718950575fa5206d9e3654ba140590 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Tue, 23 Oct 2018 11:20:01 +0200 Subject: attach: fix attach when cuid is too long conmon creates a symlink to avoid using a too long UNIX path. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1641800 There is still one issue when the path length of the symlink has the same length of the attach socket parent directory since conmon fails to create the symlink, but that must be addressed in conmon first. Signed-off-by: Giuseppe Scrivano --- libpod/container_attach.go | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/libpod/container_attach.go b/libpod/container_attach.go index 3c4e0775d..f925c3897 100644 --- a/libpod/container_attach.go +++ b/libpod/container_attach.go @@ -16,6 +16,10 @@ import ( "k8s.io/client-go/tools/remotecommand" ) +//#include +// extern int unix_path_length(){struct sockaddr_un addr; return sizeof(addr.sun_path) - 1;} +import "C" + /* Sync with stdpipe_t in conmon.c */ const ( AttachPipeStdin = 1 @@ -81,11 +85,19 @@ func (c *Container) attachContainerSocket(resize <-chan remotecommand.TerminalSi logrus.Warnf("Failed to write to control file to resize terminal: %v", err) } }) - logrus.Debug("connecting to socket ", c.AttachSocketPath()) - conn, err := net.DialUnix("unixpacket", nil, &net.UnixAddr{Name: c.AttachSocketPath(), Net: "unixpacket"}) + socketPath := c.AttachSocketPath() + + maxUnixLength := int(C.unix_path_length()) + if maxUnixLength < len(socketPath) { + socketPath = socketPath[0:maxUnixLength] + } + + logrus.Debug("connecting to socket ", socketPath) + + conn, err := net.DialUnix("unixpacket", nil, &net.UnixAddr{Name: socketPath, Net: "unixpacket"}) if err != nil { - return errors.Wrapf(err, "failed to connect to container's attach socket: %v", c.AttachSocketPath()) + return errors.Wrapf(err, "failed to connect to container's attach socket: %v", socketPath) } defer conn.Close() -- cgit v1.2.3-54-g00ecf From c65b3599cc3ab6972f1b5d96f3e712cd86d74833 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Fri, 26 Oct 2018 16:42:28 +0200 Subject: runtime: do not allow runroot longer than 50 characters Signed-off-by: Giuseppe Scrivano --- cmd/podman/libpodruntime/runtime.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cmd/podman/libpodruntime/runtime.go b/cmd/podman/libpodruntime/runtime.go index df422eb81..a4b3581be 100644 --- a/cmd/podman/libpodruntime/runtime.go +++ b/cmd/podman/libpodruntime/runtime.go @@ -5,6 +5,7 @@ import ( "github.com/containers/libpod/pkg/rootless" "github.com/containers/libpod/pkg/util" "github.com/containers/storage" + "github.com/pkg/errors" "github.com/urfave/cli" ) @@ -42,6 +43,9 @@ func GetRuntimeWithStorageOpts(c *cli.Context, storageOpts *storage.StoreOptions if c.GlobalIsSet("runroot") { storageOpts.RunRoot = c.GlobalString("runroot") } + if len(storageOpts.RunRoot) > 50 { + return nil, errors.New("the specified runroot is longer than 50 characters") + } if c.GlobalIsSet("storage-driver") { storageOpts.GraphDriverName = c.GlobalString("storage-driver") } -- cgit v1.2.3-54-g00ecf