Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[v4.0-rhel] Backport #17528 #17535

Merged

Conversation

mheon
Copy link
Member

@mheon mheon commented Feb 16, 2023

Backport #17528 to v4.4-rhel per RHBZ 2169617

Does this PR introduce a user-facing change?

NONE

* Utils must support higher level API to create Tar with chrooted into
  directory
* Volume export: use TarwithChroot instead of Tar so we can make sure no
  symlink can be exported by tar if it exists outside of the source
directory.
* container export: use chroot and Tar instead of Tar so we can make sure no
  symlink can be exported by tar if it exists outside of the mointPoint.

[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]
Race needs combination of external/in-container mechanism which is hard to repro in CI.

Closes: BZ:#2168256
CVE: https://access.redhat.com/security/cve/CVE-2023-0778

Signed-off-by: Aditya R <[email protected]>

MH: Backport to v4.4-rhel per RHBZ 2169617

Signed-off-by: Matt Heon <[email protected]>
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Feb 16, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mheon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 16, 2023
@TomSweeneyRedHat
Copy link
Member

LGTM
and happy green test buttons.

@mheon
Copy link
Member Author

mheon commented Feb 16, 2023

@baude @ashley-cui @Luap99 PTAL and merge

@ashley-cui
Copy link
Member

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Feb 16, 2023
@openshift-merge-robot openshift-merge-robot merged commit d54ecc8 into containers:v4.0-rhel Feb 16, 2023
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 9, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 9, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. release-note-none
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants