moby--moby/daemon
Brian Goff d089b63937 Pass root to chroot to for chroot Untar
This is useful for preventing CVE-2018-15664 where a malicious container
process can take advantage of a race on symlink resolution/sanitization.

Before this change chrootarchive would chroot to the destination
directory which is attacker controlled. With this patch we always chroot
to the container's root which is not attacker controlled.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2019-06-03 09:45:21 -07:00
cluster Network not deleted after stack is removed 2019-05-23 12:37:17 -07:00
config Make cgroup namespaces configurable 2019-05-07 10:22:16 -07:00
discovery
events
exec
graphdriver aufs: remove mntL 2019-05-23 12:08:40 -07:00
images
initlayer
links
listeners
logger Merge pull request #38586 from robin-thoni/labels-regex 2019-04-29 12:25:21 -07:00
names
network
stats
testdata
apparmor_default.go
apparmor_default_unsupported.go
archive.go Pass root to chroot to for chroot Untar 2019-06-03 09:45:21 -07:00
archive_tarcopyoptions.go
archive_tarcopyoptions_unix.go
archive_tarcopyoptions_windows.go
archive_unix.go
archive_windows.go
attach.go
auth.go
changes.go
checkpoint.go
cluster.go
commit.go
configs.go
configs_linux.go
configs_unsupported.go
configs_windows.go
container.go
container_linux.go
container_operations.go Merge pull request #38853 from cyphar/integration-cli-ensureImage 2019-03-27 07:32:23 +01:00
container_operations_unix.go
container_operations_windows.go
container_unix_test.go
container_windows.go
create.go Merge pull request #38918 from thaJeztah/bump_selinux 2019-03-28 17:27:03 -07:00
create_test.go
create_unix.go
create_windows.go
daemon.go Make cgroup namespaces configurable 2019-05-07 10:22:16 -07:00
daemon_linux.go
daemon_linux_test.go Export all spec generation opts 2019-04-10 15:38:36 -04:00
daemon_test.go
daemon_unix.go bugfix: fetch the right device number which great than 255 2019-05-16 15:32:59 +08:00
daemon_unix_test.go bugfix: fetch the right device number which great than 255 2019-05-16 15:32:59 +08:00
daemon_unsupported.go
daemon_windows.go
daemon_windows_test.go
debugtrap_unix.go
debugtrap_unsupported.go
debugtrap_windows.go
delete.go Updates daemon's remove link method to use more verbose error output. 2019-04-25 13:08:08 -04:00
delete_test.go
dependency.go
devices_linux.go
disk_usage.go
errors.go
events.go
events_test.go
exec.go
exec_linux.go Export all spec generation opts 2019-04-10 15:38:36 -04:00
exec_linux_test.go
exec_windows.go
export.go
health.go
health_test.go
info.go Make cgroup namespaces configurable 2019-05-07 10:22:16 -07:00
info_test.go
info_unix.go Make cgroup namespaces configurable 2019-05-07 10:22:16 -07:00
info_unix_test.go
info_windows.go Make cgroup namespaces configurable 2019-05-07 10:22:16 -07:00
inspect.go
inspect_linux.go
inspect_test.go
inspect_windows.go
keys.go
keys_unsupported.go
kill.go
licensing.go
licensing_test.go
links.go
list.go
list_test.go
list_unix.go
list_windows.go
logdrivers_linux.go
logdrivers_windows.go
logs.go
logs_test.go
metrics.go
metrics_unix.go
metrics_unsupported.go
monitor.go
mounts.go
names.go
network.go
nvidia_linux.go daemon: fix bug in nvidia device registration 2019-03-29 16:07:01 -07:00
oci_linux.go Make cgroup namespaces configurable 2019-05-07 10:22:16 -07:00
oci_linux_test.go
oci_utils.go
oci_windows.go
oci_windows_test.go
pause.go
prune.go
reload.go
reload_test.go
reload_unix.go Make cgroup namespaces configurable 2019-05-07 10:22:16 -07:00
reload_windows.go
rename.go
resize.go
resize_test.go
restart.go
seccomp_disabled.go Export all spec generation opts 2019-04-10 15:38:36 -04:00
seccomp_linux.go Export all spec generation opts 2019-04-10 15:38:36 -04:00
seccomp_unsupported.go Export all spec generation opts 2019-04-10 15:38:36 -04:00
secrets.go
secrets_linux.go
secrets_unsupported.go
secrets_windows.go
selinux_linux.go
selinux_unsupported.go
start.go
start_unix.go
start_windows.go
stats.go
stats_collector.go
stats_unix.go
stats_windows.go
stop.go
top_unix.go
top_unix_test.go
top_windows.go
unpause.go
update.go
update_linux.go
update_windows.go
util_test.go Remove inmemory container map 2019-04-05 15:48:07 -04:00
uuid.go
volumes.go
volumes_linux.go
volumes_linux_test.go
volumes_unit_test.go
volumes_unix.go daemon/mountVolumes(): eliminate MakeRPrivate call 2019-04-09 12:58:38 -07:00
volumes_unix_test.go
volumes_windows.go
wait.go
workdir.go