dilim/runc
1
0
Fork 0
mirror of https://github.com/opencontainers/runc.git synced 2026-06-30 19:58:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

rootfs: make cgroupv1 subsystem symlinks fd-based

Browse Source 
As with /dev symlinks, this was missed in commit d40b3439a9 ("rootfs:
switch to fd-based handling of mountpoint targets"). It's not really
clear to what extent this was exploitable (/sys/fs/cgroup is a tmpfs we
create) but it's better to just fix this anyway.

Fixes: d40b3439a9 ("rootfs: switch to fd-based handling of mountpoint targets")
Signed-off-by: Aleksa Sarai <aleksa@amutable.com>
This commit is contained in:
Aleksa Sarai
2026-04-15 01:44:21 +10:00
parent 864db8042d
commit 66acd48f9d
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
libcontainer/rootfs_linux.go
View File

@@ -387,7 +387,8 @@ func mountCgroupV1(m mountEntry, c *mountConfig) error {
// symlink(2) is very dumb, it will just shove the path into
// the link and doesn't do any checks or relative path
// conversion. Also, don't error out if the cgroup already exists.
if err := os.Symlink(mc, filepath.Join(c.root.Name(), m.Destination, ss)); err != nil && !errors.Is(err, os.ErrExist) {
ssPath := filepath.Join(m.Destination, ss)
if err := pathrs.SymlinkInRoot(mc, c.root, ssPath); err != nil && !errors.Is(err, os.ErrExist) {
return err
}
}