packages/docker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
docker/patch/0231-docker-AdditionalGids-must-include-effective-group-I.patch

33 lines
1.1 KiB
Diff
Raw Normal View History

docker: fix CVE-2022-36109 fix #I5QLCS
2022-09-15 10:48:15 +08:00
From 7f4258e2b8b9b769beab23246d27984ada539ac9 Mon Sep 17 00:00:00 2001
From: chenjiankun <chenjiankun1@huawei.com>
Date: Thu, 15 Sep 2022 10:33:12 +0800
Subject: [PATCH] docker: AdditionalGids must include effective group ID
otherwise this one won't be considered for permission checks
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
Conflict:daemon/oci_linux.go
Reference:https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32
---
components/engine/daemon/oci_linux.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/components/engine/daemon/oci_linux.go b/components/engine/daemon/oci_linux.go
index 6d3bc165..2b803955 100644
--- a/components/engine/daemon/oci_linux.go
+++ b/components/engine/daemon/oci_linux.go
@@ -201,7 +201,7 @@ func getUser(c *container.Container, username string) (uint32, uint32, []uint32,
uid := uint32(execUser.Uid)
gid := uint32(execUser.Gid)
sgids := append(execUser.Sgids, addGroups...)
- var additionalGids []uint32
+ additionalGids := []uint32{gid}
for _, g := range sgids {
additionalGids = append(additionalGids, uint32(g))
}
--
2.23.0
Reference in New Issue Copy Permalink