Fix a time-of-check/time-of-use error when mounting type=bind and
type=cache directories that use a "src" flag. A hostile writer could
use a concurrently-running stage or build to replace that "src" location
between the point when we had resolved possible symbolic links and when
runc/crun/whatever actually went to create the bind mount
(CVE-2024-11218).
Stop ignoring the "src" option for cache mounts when there's no "from"
option.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: Vivek Naruka <vnaruka@redhat.com>
Signed-off-by: Chris Evich <cevich@redhat.com>
When handling RUN --mount=type=bind, where the mount is read-write,
instead of a simple bind mount, create an overlay mount with an upper
directory that will be discarded after the overlay mount is unmounted.
This brings us in line with the expected behavior, wherein writes to
bind mounts should be discarded.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: Vivek Naruka <vnaruka@redhat.com>
Allow containers running under buildah to use
--group-add keep-groups, so that they can inherit
access to the users groups.
Also allow users to add supplimental groups to the container.
Fixes: https://github.com/containers/buildah/issues/4476
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
User may get confusing error messages were it is not clear that they are
related to the network setup, wrap the error to make it more clear that
some network setup failed.
[NO NEW TESTS NEEDED]
Fixescontainers/podman#16809
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When working with `--mount=type=bind` and `--mount=type=cache` allow
`target` to accept relative paths w.r.t to the configured work dir.
Closes: https://github.com/containers/buildah/issues/4309
Signed-off-by: Aditya R <arajan@redhat.com>
In golang 1.19, `io/ioutil` is fully deprecated preventing Buildah from
compiling. Replace all calls with equivalent calls from the `os`
package.
Signed-off-by: Chris Evich <cevich@redhat.com>
This allows declaring run mounts using e.g. '-mount=type=nullfs,...' on
FreeBSD which makes more sense for FreeBSD users. It is also consistent
with 'podman run' which requires the nullfs mount type on FreeBSD.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
... and use a more traditional error handling model,
where responsibility for the cleanup passes to the caller
_only_ if the called function succeeds.
To reinforce that, hard-code nil returns on error paths
instead of returning the locks.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
It can return at most one lock, so don't return an array.
Should not change behavior right now, but it will simplify
cleanup.
[NO NEW TESTS NEEDED]
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
By construction it's now quite clear that the locks should
always be locked.
Don't even bother with AssertLockedForWriting(), that's
partially (checking for lock ownership, not for read-write ownership)
implied by Unlock() already.
[NO NEW TESTS NEEDED]
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
They exist in memory anyway, so this is more efficient:
we avoid the need to manually touch the filesystem again,
the associated costs - and the error paths go away.
[NO NEW TESTS NEEDED]
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Single `RUN` can contain multiple `--mount` commands so lets append into
`lockedTargets` so we collect `lockfiles` from all the `--mount`
instructions.
Helps in: https://github.com/containers/buildah/issues/4342
Signed-off-by: Aditya R <arajan@redhat.com>
Podman adds an Error: to every error message. So starting an error
message with "error" ends up being reported to the user as
Error: error ...
This patch removes the stutter.
Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.
Signed-off-by: Daniel J Walsh dwalsh@redhat.com
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Flags processing in `--mount` must not be hardcode to expect first field to
be `type` instead it should be order agnostic.
Closes: https://github.com/containers/podman/issues/15748
Signed-off-by: Aditya R <arajan@redhat.com>
When container is created with specific uid and gid also add container
gid to supplementary/additional group.
Signed-off-by: Aditya R <arajan@redhat.com>
On FreeBSD, the Linux section of the spec is not populated. FreeBSD does
have a similar labelling facility in its MAC framework but that would be
better managed via a future addition of a FreeBSD section to the runtime
spec rather than trying to make it look like Linux.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
If errors for which os.IsExist() or os.IsNotExist() would have returned
true have been wrapped using fmt.Errorf()'s "%w" verb, os.IsExist() and
os.IsNotExist(), not having been retrofitted to use errors.Is(), will
return false.
Use errors.Is() to check if an error is an os.ErrExist or os.ErrNotExist
error instead of calling os.IsExist() or os.IsNotExist().
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When we fail to create the pipe we're using to signal a start, don't
complain about failing to create the creation pipe.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Set the default for user namespaces correctly for callers that don't use
our CLI, e.g. OpenShift or our own tutorials. When we don't do that,
commands invoked through RUN instructions can see weird things, in this
case an empty /sys/fs/cgroup directory.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This involves handling the fact that FreeBSD containers don't have a
Linux section in the spec and that mounting filesystem directories is
done with nullfs rather than bind.
Signed-off-by: Doug Rabson <dfr@rabson.org>
Nalin Dahyabhai
Aditya R
Daniel J Walsh
Paul Holzinger
Chris Evich
Miloslav Trmač
Doug Rabson
openshift-ci[bot]