moby/daemon
Jaroslav Jindrak d0d85f6438
daemon: overlay2: remove world writable permission from the lower file
In de2447c, the creation of the 'lower' file was changed from using
os.Create to using ioutils.AtomicWriteFile, which ignores the system's
umask. This means that even though the requested permission in the
source code was always 0666, it was 0644 on systems with default
umask of 0022 prior to de2447c, so the move to AtomicFile potentially
increased the file's permissions.

This is not a security issue because the parent directory does not
allow writes into the file, but it can confuse security scanners on
Linux-based systems into giving false positives.

Signed-off-by: Jaroslav Jindrak <dzejrou@gmail.com>
(cherry picked from commit cadb124ab6)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-06 13:11:41 +01:00
cluster daemon/cluster/executer: Add missing StartInterval 2024-01-22 15:23:27 +01:00
config vendor: containerd v1.7.12, and switch to dario.cat/mergo v1.0.0 2024-01-12 18:09:24 +01:00
containerd c8d/pull: Output truncated id for Pulling fs layer 2024-03-01 10:10:04 +01:00
events migrate to new github.com/distribution/reference module 2023-09-05 12:09:26 +02:00
graphdriver daemon: overlay2: remove world writable permission from the lower file 2024-03-06 13:11:41 +01:00
images daemon/imageStore: Mark images built locally 2024-01-25 16:07:10 +01:00
initlayer remove some remaining pre-go1.17 build-tags 2023-08-24 17:51:07 +02:00
links daemon/links: use strings.Cut() 2022-12-21 11:09:01 +01:00
listeners migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
logger d/logger/journald: quit waiting when logger closes 2024-02-02 19:10:41 -05:00
names Add canonical import comment 2018-02-05 16:51:57 -05:00
network Only restore a configured MAC addr on restart. 2024-02-02 09:10:04 +01:00
snapshotter c8d/mount: Use ref-counted mounter by default 2024-01-18 15:38:51 +01:00
stats Make one-shot stats faster 2023-09-27 14:10:23 +08:00
testdata Remove libtrust dep from api 2017-09-06 12:05:19 -04:00
apparmor_default.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
apparmor_default_unsupported.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
archive.go daemon: refactor isOnlineFSOperationPermitted 2022-10-26 12:06:31 -04:00
archive_tarcopyoptions.go Finish refactor of UID/GID usage to a new struct 2022-03-14 16:28:57 -04:00
archive_tarcopyoptions_unix.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
archive_tarcopyoptions_windows.go Add canonical import comment 2018-02-05 16:51:57 -05:00
archive_unix.go api/types/events: define "Action" type and consts 2023-08-29 00:38:08 +02:00
archive_windows.go api/types/events: define "Action" type and consts 2023-08-29 00:38:08 +02:00
attach.go container: internalize InitAttachContext 2023-11-30 15:26:53 +01:00
auth.go daemon: use types/registry.AuthConfig 2022-07-29 23:05:18 +02:00
cdi.go Update container-device-interface to v0.6.2 2023-11-04 01:00:19 +01:00
changes.go c8d: add support for docker diff 2023-03-30 10:29:07 +01:00
checkpoint.go api/types/events: define "Action" type and consts 2023-08-29 00:38:08 +02:00
cluster.go Fix libnetwork imports 2021-06-01 21:51:23 +00:00
commit.go migrate to new github.com/distribution/reference module 2023-09-05 12:09:26 +02:00
configs.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
configs_linux.go Add canonical import comment 2018-02-05 16:51:57 -05:00
configs_unsupported.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
configs_windows.go Add canonical import comment 2018-02-05 16:51:57 -05:00
container.go api/pre-1.44: Default ReadOnlyNonRecursive to true 2024-02-28 10:00:22 +01:00
container_linux.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
container_operations.go Set up DNS names for Windows default network 2024-03-01 12:03:16 +01:00
container_operations_test.go libnet: remove Endpoint.myAliases 2023-12-19 10:20:38 +01:00
container_operations_unix.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
container_operations_windows.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
container_unix_test.go remove more direct uses of logrus 2023-09-15 20:12:27 +02:00
container_windows.go daemon: fix capitalization of some functions 2020-04-14 17:22:19 +02:00
containerfs_linux.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
content.go daemon: configureLocalContentStore: return concrete types 2023-07-18 14:18:42 +02:00
create.go api/pre-1.44: Default ReadOnlyNonRecursive to true 2024-02-28 10:00:22 +01:00
create_unix.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
create_windows.go Fix pruning anon volume created from image config 2023-03-14 11:06:26 +01:00
daemon.go fix "host-gateway-ip" label not set for builder workers 2024-01-23 15:59:09 +01:00
daemon_linux.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
daemon_linux_test.go tests: Move libnetwork/testutils to internal/testutils/netnsutils 2023-07-26 21:06:36 +02:00
daemon_test.go daemon: format code with gofumpt 2023-06-29 00:33:03 +02:00
daemon_unix.go Merge pull request #46447 from akerouanton/api-predefined-networks 2023-11-24 12:26:48 +01:00
daemon_unix_test.go remove more direct uses of logrus 2023-09-15 20:12:27 +02:00
daemon_unsupported.go daemon: read-copy-update the daemon config 2023-06-01 14:45:24 -04:00
daemon_windows.go Merge pull request #46447 from akerouanton/api-predefined-networks 2023-11-24 12:26:48 +01:00
daemon_windows_test.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
debugtrap_unix.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
debugtrap_unsupported.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
debugtrap_windows.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
delete.go api/types: move ContainerCreateConfig, ContainerRmConfig to api/types/backend 2023-12-05 16:41:36 +01:00
delete_test.go api/types: move ContainerCreateConfig, ContainerRmConfig to api/types/backend 2023-12-05 16:41:36 +01:00
dependency.go Bump swarmkit to v2 2022-04-21 17:33:07 -04:00
devices.go Remove need to set Capabilities for cdi driver 2023-05-16 17:07:58 +02:00
disk_usage.go api/types: move ContainerListOptions to api/types/container 2023-10-12 11:29:24 +02:00
errors.go daemon: cleanupContainer: don't fail if container is already stopped 2023-08-23 15:47:43 +02:00
errors_test.go daemon: cleanupContainer: don't fail if container is already stopped 2023-08-23 15:47:43 +02:00
events.go Plumb context through info endpoint 2023-11-10 20:09:25 +00:00
events_test.go api/types/events: define "Action" type and consts 2023-08-29 00:38:08 +02:00
exec.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
exec_linux.go Cleanup duplicate imports 2023-10-26 00:10:23 +01:00
exec_linux_test.go daemon: reload runtimes w/o breaking containers 2023-06-01 14:45:25 -04:00
exec_windows.go daemon: read-copy-update the daemon config 2023-06-01 14:45:24 -04:00
export.go api/types/events: define "Action" type and consts 2023-08-29 00:38:08 +02:00
health.go daemon: stop checkpointing health probes to disk 2024-01-16 14:09:40 -05:00
health_test.go remove more direct uses of logrus 2023-09-15 20:12:27 +02:00
id.go Add otel support 2023-09-07 18:38:19 +00:00
image_service.go Implement GetLayerFolders for the containerd image store 2024-01-17 16:29:28 +01:00
info.go daemon: work around go1.21 compiler bug 2024-01-04 00:02:39 +01:00
info_unix.go (*Daemon).fillRootlessVersion: fix nil panic 2024-01-17 00:50:53 +09:00
info_unix_test.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
info_windows.go Plumb context through info endpoint 2023-11-10 20:09:25 +00:00
inspect.go Merge pull request #47220 from thaJeztah/25.0_backport_more_gocompat 2024-02-03 14:36:55 +01:00
inspect_linux.go api: Deprecate ContainerConfig.MacAddress 2023-10-25 22:55:59 +02:00
inspect_test.go daemon: reload runtimes w/o breaking containers 2023-06-01 14:45:25 -04:00
inspect_windows.go c8d: Compute container's layer size 2023-03-08 00:58:02 +01:00
keys.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
keys_unsupported.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
kill.go daemon: kill: use log level to "warn" if container doesn't exit in time 2023-11-29 16:18:34 +01:00
licensing.go api/types: move system info types to api/types/system 2023-07-07 13:01:36 +02:00
licensing_test.go api/types: move system info types to api/types/system 2023-07-07 13:01:36 +02:00
links.go Add canonical import comment 2018-02-05 16:51:57 -05:00
list.go api/types: move ContainerListOptions to api/types/container 2023-10-12 11:29:24 +02:00
list_test.go api/types: move ContainerListOptions to api/types/container 2023-10-12 11:29:24 +02:00
list_unix.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
list_windows.go pkg/containerfs: alias ContainerFS to string 2022-09-23 16:56:52 -04:00
logdrivers_linux.go logger: remove logentries driver 2023-12-12 22:51:23 +01:00
logdrivers_windows.go logger: remove logentries driver 2023-12-12 22:51:23 +01:00
logs.go api/types: move ContainerLogsOptions to api/types/container 2023-10-12 11:30:12 +02:00
logs_test.go Add canonical import comment 2018-02-05 16:51:57 -05:00
metrics.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
metrics_unix.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
metrics_unsupported.go daemon: read-copy-update the daemon config 2023-06-01 14:45:24 -04:00
monitor.go api/types: move ContainerCreateConfig, ContainerRmConfig to api/types/backend 2023-12-05 16:41:36 +01:00
mounts.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
names.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
network.go Don't enforce new validation rules for existing networks 2024-03-01 09:54:46 +01:00
network_windows.go libnetwork: remove Network interface 2023-07-22 11:56:41 +02:00
nvidia_linux.go goimports: fix imports 2019-09-18 12:56:54 +02:00
oci_linux.go net=host: remove /var/run/docker/netns/default from OCI config 2024-01-18 18:09:52 +09:00
oci_linux_test.go daemon: format code with gofumpt 2023-06-29 00:33:03 +02:00
oci_opts.go daemon: ensure OCI options play nicely together 2023-06-06 13:10:05 -04:00
oci_utils.go daemon: ensure OCI options play nicely together 2023-06-06 13:10:05 -04:00
oci_windows.go Root.Path for a process-isolated WCOW container must be the Volume GUID 2024-01-17 16:29:32 +01:00
oci_windows_test.go daemon: format code with gofumpt 2023-06-29 00:33:03 +02:00
pause.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
prune.go api/types: move ContainerCreateConfig, ContainerRmConfig to api/types/backend 2023-12-05 16:41:36 +01:00
reload.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
reload_test.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
reload_unix.go daemon: consolidate runtimes config validation 2023-06-01 14:45:25 -04:00
reload_windows.go daemon: reload runtimes w/o breaking containers 2023-06-01 14:45:25 -04:00
rename.go daemon: rename: don't reload endpoint from datastore 2024-01-23 22:53:43 +01:00
resize.go api/types/events: define "Action" type and consts 2023-08-29 00:38:08 +02:00
resize_test.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
restart.go daemon: daemon.containerRestart: don't cancel restart on context cancel 2023-10-24 12:56:45 +02:00
runtime_unix.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
runtime_unix_test.go vendor: containerd v1.7.12, and switch to dario.cat/mergo v1.0.0 2024-01-12 18:09:24 +01:00
runtime_windows.go daemon: reload runtimes w/o breaking containers 2023-06-01 14:45:25 -04:00
seccomp_linux.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
seccomp_linux_test.go container: split security options to a SecurityOptions struct 2023-04-29 00:03:37 +02:00
seccomp_unsupported.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
secrets.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
secrets_linux.go Add canonical import comment 2018-02-05 16:51:57 -05:00
secrets_unsupported.go remove pre-go1.17 build-tags 2023-05-19 20:38:51 +02:00
secrets_windows.go Add canonical import comment 2018-02-05 16:51:57 -05:00
start.go api/pre-1.44: Default ReadOnlyNonRecursive to true 2024-02-28 10:00:22 +01:00
start_unix.go daemon: consolidate runtimes config validation 2023-06-01 14:45:25 -04:00
start_windows.go daemon: reload runtimes w/o breaking containers 2023-06-01 14:45:25 -04:00
stats.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
stats_collector.go pkg/sysinfo: move MemInfo and ReadMemInfo to a separate package 2023-03-15 17:52:45 +01:00
stats_unix.go Make one-shot stats faster 2023-09-27 14:10:23 +08:00
stats_windows.go Make one-shot stats faster 2023-09-27 14:10:23 +08:00
stop.go daemon: daemon.containerStop: use context.WithoutCancel 2023-10-20 17:44:30 +02:00
top_unix.go api/types/events: define "Action" type and consts 2023-08-29 00:38:08 +02:00
top_unix_test.go daemon: use string-literals for easier grep'ing 2023-07-05 12:27:00 +02:00
top_windows.go daemon: format code with gofumpt 2023-06-29 00:33:03 +02:00
unpause.go migrate to github.com/containerd/log v0.1.0 2023-10-11 17:52:23 +02:00
update.go api/types/events: define "Action" type and consts 2023-08-29 00:38:08 +02:00
update_linux.go daemon: stop setting container resources to zero 2023-06-06 12:13:05 -04:00
update_linux_test.go daemon: stop setting container resources to zero 2023-06-06 12:13:05 -04:00
update_windows.go Windows: Experimental: Allow containerd for runtime 2019-03-12 18:41:55 -07:00
volumes.go api/pre-1.44: Default ReadOnlyNonRecursive to true 2024-02-28 10:00:22 +01:00
volumes_linux.go Fix the several typos detected by github.com/client9/misspell 2018-08-09 00:45:00 +09:00
volumes_linux_test.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
volumes_unit_test.go volume/mounts: remove "containerOS" argument from NewParser (LCOW code) 2021-07-02 13:51:55 +02:00
volumes_unix.go api/types/events: define "Action" type and consts 2023-08-29 00:38:08 +02:00
volumes_windows.go Add ADD/COPY --chown flag support to Windows 2018-08-13 21:59:11 -07:00
wait.go Switch from x/net/context -> context 2018-04-23 13:52:44 -07:00
workdir.go Add ADD/COPY --chown flag support to Windows 2018-08-13 21:59:11 -07:00