[PATCH] Fix CVE-2020-15257
This is the 1.2 backport. It's the Samuel Karp patch with additional changes:
- Add ReadAddress function from commit 84a24711e88
- Add "Shorten the unix socket path for shim" commit (a631796fda6)
Below is the original commit message:
-----------------------------------------------------------------------
Use path based unix socket for shims
This allows filesystem based ACLs for configuring access to the socket of a
shim.
Co-authored-by: Samuel Karp <skarp@amazon.com>
Signed-off-by: Samuel Karp <skarp@amazon.com>
Signed-off-by: Michael Crosby <michael@thepasture.io>
Signed-off-by: Michael Crosby <michael.crosby@apple.com>
-----------------------------------------------------------------------
containerd-shim: use path-based unix socket
This allows filesystem-based ACLs for configuring access to the socket
of a shim.
Ported from Michael Crosby's similar patch for v2 shims.
Signed-off-by: Samuel Karp <skarp@amazon.com>
-----------------------------------------------------------------------
Co-authored-by: Paulo Flabiano Smorigo <pfsmorigo@canonical.com>
Co-authored-by: varsha teratipally <teratipally@google.com>
Signed-off-by: Tianon Gravi <tianon@infosiftr.com>
Gbp-Pq: Name cve-2020-15257.patch