mirror of
https://github.com/containers/skopeo.git
synced 2025-09-25 12:16:17 +00:00
Bump github.com/containers/storage from 1.40.2 to 1.41.0
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.40.2 to 1.41.0. - [Release notes](https://github.com/containers/storage/releases) - [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md) - [Commits](https://github.com/containers/storage/compare/v1.40.2...v1.41.0) --- updated-dependencies: - dependency-name: github.com/containers/storage dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
dependabot[bot]
GitHub
9
vendor/github.com/containers/storage/pkg/chrootarchive/archive.go
generated
vendored
9
vendor/github.com/containers/storage/pkg/chrootarchive/archive.go
generated
vendored
@@ -5,9 +5,7 @@ import (
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"net"
|
||||
"os"
|
||||
"os/user"
|
||||
"path/filepath"
|
||||
"sync"
|
||||
|
||||
@@ -17,13 +15,6 @@ import (
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
func init() {
|
||||
// initialize nss libraries in Glibc so that the dynamic libraries are loaded in the host
|
||||
// environment not in the chroot from untrusted files.
|
||||
_, _ = user.Lookup("storage")
|
||||
_, _ = net.LookupHost("localhost")
|
||||
}
|
||||
|
||||
// NewArchiver returns a new Archiver which uses chrootarchive.Untar
|
||||
func NewArchiver(idMappings *idtools.IDMappings) *archive.Archiver {
|
||||
archiver := archive.NewArchiver(idMappings)
|
||||
|
||||
7
vendor/github.com/containers/storage/pkg/chrootarchive/chroot_linux.go
generated
vendored
7
vendor/github.com/containers/storage/pkg/chrootarchive/chroot_linux.go
generated
vendored
@@ -3,7 +3,9 @@ package chrootarchive
|
||||
import (
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"net"
|
||||
"os"
|
||||
"os/user"
|
||||
"path/filepath"
|
||||
|
||||
"github.com/containers/storage/pkg/mount"
|
||||
@@ -23,6 +25,11 @@ func chroot(path string) (err error) {
|
||||
return err
|
||||
}
|
||||
|
||||
// initialize nss libraries in Glibc so that the dynamic libraries are loaded in the host
|
||||
// environment not in the chroot from untrusted files.
|
||||
_, _ = user.Lookup("storage")
|
||||
_, _ = net.LookupHost("localhost")
|
||||
|
||||
// if the process doesn't have CAP_SYS_ADMIN, but does have CAP_SYS_CHROOT, we need to use the actual chroot
|
||||
if !caps.Get(capability.EFFECTIVE, capability.CAP_SYS_ADMIN) && caps.Get(capability.EFFECTIVE, capability.CAP_SYS_CHROOT) {
|
||||
return realChroot(path)
|
||||
|
||||
Reference in New Issue
Block a user