github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Filter seccomp profile path from malicious .. and /

pull/6/head
Dr. Stefan Schimanski 2016-06-08 13:09:02 +02:00
parent 6489abe8b4
commit 6c54ceb0e4
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/kubelet/dockertools/manager.go
View File

@ -1015,7 +1015,9 @@ func (dm *DockerManager) getSecurityOpt(pod *api.Pod, ctrName string) ([]string,
return nil, fmt.Errorf("unknown seccomp profile option: %s", profile)
}
file, err := ioutil.ReadFile(filepath.Join(dm.seccompProfileRoot, strings.TrimPrefix(profile, "localhost/")))
name := strings.TrimPrefix(profile, "localhost/")
fname := filepath.Join(dm.seccompProfileRoot, filepath.FromSlash(path.Clean("/"+name)))
file, err := ioutil.ReadFile(fname)
if err != nil {
return nil, err
}