github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-10-31 09:26:52 +00:00
Code Issues Projects Releases Wiki Activity

versions: update Rust to 1.58.1

Browse Source 
Update Rust to 1.58.1 to fix CVE-2022-21658.

Fixes: #3570

Signed-off-by: bin <bin@hyper.sh>
This commit is contained in:
bin
2022-01-29 09:20:30 +08:00
parent a5ebeb96c1
commit bcce1a1911
6 changed files with 8 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/agent/rustjail/src/container.rs
View File

@@ -685,8 +685,8 @@ fn do_init_child(cwfd: RawFd) -> Result<()> {
Mode::from_bits_truncate(0), Mode::from_bits_truncate(0),
)?; )?;
unistd::close(fifofd)?; unistd::close(fifofd)?;
let mut buf: &mut [u8] = &mut [0]; let buf: &mut [u8] = &mut [0];
unistd::read(fd, &mut buf)?; unistd::read(fd, buf)?;
} }
// With NoNewPrivileges, we should set seccomp as close to // With NoNewPrivileges, we should set seccomp as close to

2
src/agent/rustjail/src/mount.rs
View File

@@ -728,7 +728,7 @@ fn secure_join(rootfs: &str, unsafe_path: &str) -> String {
path.push(it); path.push(it);
if let Ok(v) = path.read_link() { if let Ok(v) = path.read_link() {
if v.is_absolute() { if v.is_absolute() {
path = PathBuf::from(format!("{}{}", rootfs, v.to_str().unwrap().to_string())); path = PathBuf::from(format!("{}{}", rootfs, v.to_str().unwrap()));
} else { } else {
path.pop(); path.pop();
for it in v.iter() { for it in v.iter() {

7
src/agent/src/namespace.rs
View File

@@ -23,12 +23,7 @@ pub const NSTYPEPID: &str = "pid";
#[instrument] #[instrument]
pub fn get_current_thread_ns_path(ns_type: &str) -> String { pub fn get_current_thread_ns_path(ns_type: &str) -> String {
format!( format!("/proc/{}/task/{}/ns/{}", getpid(), gettid(), ns_type)
"/proc/{}/task/{}/ns/{}",
getpid().to_string(),
gettid().to_string(),
ns_type
)
} }
#[derive(Debug)] #[derive(Debug)]

5
src/agent/src/sandbox.rs
View File

@@ -436,11 +436,8 @@ fn online_cpus(logger: &Logger, num: i32) -> Result<i32> {
r"cpu[0-9]+", r"cpu[0-9]+",
num - onlined_count, num - onlined_count,
); );
if r.is_err() {
return r;
}
onlined_count += r.unwrap(); onlined_count += r?;
if onlined_count == num { if onlined_count == num {
info!(logger, "online {} CPU(s) after {} retries", num, i); info!(logger, "online {} CPU(s) after {} retries", num, i);
return Ok(num); return Ok(num);

2
src/agent/src/watcher.rs
View File

@@ -284,7 +284,7 @@ impl Storage {
.with_context(|| { .with_context(|| {
format!( format!(
"Failed to strip prefix: {} - {}", "Failed to strip prefix: {} - {}",
source_file_path.as_ref().display().to_string(), source_file_path.as_ref().display(),
&self.source_mount_point.display() &self.source_mount_point.display()
) )
})?; })?;

4
versions.yaml
View File

@@ -260,12 +260,12 @@ languages:
rust: rust:
description: "Rust language" description: "Rust language"
notes: "'version' is the default minimum version used by this project." notes: "'version' is the default minimum version used by this project."
version: "1.45.0" version: "1.58.1"
meta: meta:
description: | description: |
'newest-version' is the latest version known to work when 'newest-version' is the latest version known to work when
building Kata building Kata
newest-version: "1.54.0" newest-version: "1.58.1"
specs: specs:
description: "Details of important specifications" description: "Details of important specifications"