public_git
/
kaniko
mirror of https://github.com/GoogleContainerTools/kaniko
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #347 from priyawadhwa/amazon 

Whitelist /etc/mtab
This commit is contained in:
priyawadhwa 2018-09-12 16:08:12 -07:00 committed by GitHub
parent ae39c0fa8b c13f6e84ed
commit c814466e15
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/util/fs_util.go
View File

@ -40,6 +40,9 @@ var whitelist = []string{
// which leads to a special mount on the /var/run/docker.sock file itself, but the directory to exist // which leads to a special mount on the /var/run/docker.sock file itself, but the directory to exist
// in the image with no way to tell if it came from the base image or not. // in the image with no way to tell if it came from the base image or not.
"/var/run", "/var/run",
// similarly, we whitelist /etc/mtab, since there is no way to know if the file was mounted or came
// from the base image
"/etc/mtab",
} }
var volumeWhitelist = []string{} var volumeWhitelist = []string{}
@ -194,7 +197,6 @@ func extractFile(dest string, hdr *tar.Header, tr io.Reader) error {
return err return err
} }
currFile.Close() currFile.Close()
case tar.TypeDir: case tar.TypeDir:
logrus.Debugf("creating dir %s", path) logrus.Debugf("creating dir %s", path)
if err := os.MkdirAll(path, mode); err != nil { if err := os.MkdirAll(path, mode); err != nil {

2
pkg/util/fs_util_test.go
View File

@ -50,7 +50,7 @@ func Test_fileSystemWhitelist(t *testing.T) {
} }
actualWhitelist, err := fileSystemWhitelist(path) actualWhitelist, err := fileSystemWhitelist(path)
expectedWhitelist := []string{"/kaniko", "/proc", "/dev", "/dev/pts", "/sys", "/var/run"} expectedWhitelist := []string{"/kaniko", "/proc", "/dev", "/dev/pts", "/sys", "/var/run", "/etc/mtab"}
sort.Strings(actualWhitelist) sort.Strings(actualWhitelist)
sort.Strings(expectedWhitelist) sort.Strings(expectedWhitelist)
testutil.CheckErrorAndDeepEqual(t, false, err, expectedWhitelist, actualWhitelist) testutil.CheckErrorAndDeepEqual(t, false, err, expectedWhitelist, actualWhitelist)