mirror of
https://github.com/opencontainers/runc.git
synced 2026-07-11 06:03:57 +08:00
apparmor: use safe procfs API for labels
EnsureProcHandle only protects us against a tmpfs mount, but the risk of a procfs path being used (such as /proc/self/sched) has been known for a while. Now that filepath-securejoin has a reasonably safe procfs API, switch to it. Fixes: GHSA-cgrx-mc8f-2prm CVE-2025-52881 Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
This commit is contained in:
@@ -6,6 +6,9 @@ import (
|
||||
"os"
|
||||
"sync"
|
||||
|
||||
"golang.org/x/sys/unix"
|
||||
|
||||
"github.com/opencontainers/runc/internal/pathrs"
|
||||
"github.com/opencontainers/runc/libcontainer/utils"
|
||||
)
|
||||
|
||||
@@ -36,15 +39,15 @@ func setProcAttr(attr, value string) error {
|
||||
// Under AppArmor you can only change your own attr, so there's no reason
|
||||
// to not use /proc/thread-self/ (instead of /proc/<tid>/, like libapparmor
|
||||
// does).
|
||||
attrPath, closer := utils.ProcThreadSelf(attrSubPath)
|
||||
defer closer()
|
||||
|
||||
f, err := os.OpenFile(attrPath, os.O_WRONLY, 0)
|
||||
f, closer, err := pathrs.ProcThreadSelfOpen(attrSubPath, unix.O_WRONLY|unix.O_CLOEXEC)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer closer()
|
||||
defer f.Close()
|
||||
|
||||
// NOTE: This is not really necessary since securejoin.ProcThreadSelf
|
||||
// verifies this in a far stricter sense than EnsureProcHandle.
|
||||
if err := utils.EnsureProcHandle(f); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user