mirror of
https://github.com/opencontainers/runc.git
synced 2026-07-11 06:03:57 +08:00
Use getenv not secure_getenv
secure_getenv is a Glibc extension and so this code does not compile on Musl libc any more after this patch. secure_getenv is only intended to be used in setuid binaries, in order that they should not trust their environment. It simply returns NULL if the binary is running setuid. If runc was installed setuid, the user can already do anything as root, so it is game over, so this check is not needed. Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This commit is contained in:
@@ -249,7 +249,7 @@ static int make_execfd(int *fdtype)
|
||||
{
|
||||
int fd = -1;
|
||||
char template[PATH_MAX] = {0};
|
||||
char *prefix = secure_getenv("_LIBCONTAINER_STATEDIR");
|
||||
char *prefix = getenv("_LIBCONTAINER_STATEDIR");
|
||||
|
||||
if (!prefix || *prefix != '/')
|
||||
prefix = "/tmp";
|
||||
@@ -351,7 +351,7 @@ static int try_bindfd(void)
|
||||
{
|
||||
int fd, ret = -1;
|
||||
char template[PATH_MAX] = {0};
|
||||
char *prefix = secure_getenv("_LIBCONTAINER_STATEDIR");
|
||||
char *prefix = getenv("_LIBCONTAINER_STATEDIR");
|
||||
|
||||
if (!prefix || *prefix != '/')
|
||||
prefix = "/tmp";
|
||||
|
||||
Reference in New Issue
Block a user