From 44642bee8720c0a19c97c6e116d725fd5f95daad Mon Sep 17 00:00:00 2001
From: Lokesh Mandvekar
Date: Fri, 22 Apr 2022 13:36:18 -0400
Subject: libpod/networking_linux.go: switch to sha256 hashes
SHA-1 is prone to collisions. This will likely break connectivity between old containers started before update and containers started after update. It will also fail to cleanup old netns. A reboot will fix this, so a reboot is recommended after update.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar
---
 libpod/networking_linux.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 41beaf41d..0db0896cf 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -5,7 +5,7 @@ package libpod
 import (
 "crypto/rand"
- "crypto/sha1"
+ "crypto/sha256"
 "fmt"
 "io/ioutil"
 "net"
@@ -402,7 +402,7 @@ func (r *Runtime) GetRootlessNetNs(new bool) (*RootlessNetNS, error) {
 // the cleanup will check if there are running containers
 // if you run a several libpod instances with different root/runroot directories this check will fail
 // we want one netns for each libpod static dir so we use the hash to prevent name collisions
- hash := sha1.Sum([]byte(r.config.Engine.StaticDir))
+ hash := sha256.Sum256([]byte(r.config.Engine.StaticDir))
 netnsName := fmt.Sprintf("%s-%x", rootlessNetNsName, hash[:10])
 path := filepath.Join(nsDir, netnsName)
--
cgit v1.2.3-54-g00ecf
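Review bot: The netns name in the second hunk is still built from `hash[:10]`, so only 80 bits of the digest reach the name and its collision resistance is bounded by that truncation, whichever hash function produces it. The existing comment says the hash only keeps one netns per static dir apart, so a line such as `// only the first 10 bytes of the SHA-256 digest are used; the name separates static dirs and is not meant as a security boundary` above `netnsName` would record that intent for the next reader. Nothing visible in the hunk looks up the name derived from the old SHA-1 digest, so a netns created before the update is presumably left behind, as the commit message says. If relying on a reboot is not acceptable, a one-time fallback that also checks the legacy name during cleanup would be needed. GetRootlessNetNs starts and ends outside the hunk, so the cleanup path itself is not visible here.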