packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!495 add primary group to additional groups

Browse Source 
From: @zh_xiaoyu 
Reviewed-by: @duguhaotian 
Signed-off-by: @duguhaotian
This commit is contained in:
openeuler-ci-bot 2022-11-26 01:33:45 +00:00 committed by Gitee
commit f28686d242
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
0046-add-primary-group-to-additional-groups.patch Normal file
View File

@ -0,0 +1,31 @@
From d1527a3b8405d92f638c46c8250f2636ba18c644 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Fri, 25 Nov 2022 16:22:47 +0800
Subject: [PATCH] add primary group to additional groups
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/daemon/modules/image/image_rootfs_handler.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/daemon/modules/image/image_rootfs_handler.c b/src/daemon/modules/image/image_rootfs_handler.c
index 842c1dd3..a76363d0 100644
--- a/src/daemon/modules/image/image_rootfs_handler.c
+++ b/src/daemon/modules/image/image_rootfs_handler.c
@@ -546,6 +546,13 @@ int get_user_from_image_roofs(const char *basefs, const host_config *hc, const c
}
}
+ // CVE-2022-36109
+ // add primary group to additional groups
+ ret = append_additional_gids(puser->gid, &puser->additional_gids, &puser->additional_gids_len);
+ if (ret != 0) {
+ goto cleanup;
+ }
+
cleanup:
if (f_passwd != NULL) {
fclose(f_passwd);
--
2.25.1

9
iSulad.spec
View File

@ -1,5 +1,5 @@
%global _version 2.0.17
%global _release 8
%global _release 9
%global is_systemd 1
%global enable_shimv2 1
%global is_embedded 1
@ -58,6 +58,7 @@ Patch0042: 0042-isula-usage-consistency-optimization.patch
Patch0043: 0043-fix-do-container_unref-in-oci_rootfs_clean.patch
Patch0044: 0044-fix-can-not-install-isulad-rpm-because-of-spec.patch
Patch0045: 0045-remove-unknown-option-wno-maybe-uninitialized.patch
Patch0046: 0046-add-primary-group-to-additional-groups.patch
%ifarch x86_64 aarch64
Provides: libhttpclient.so()(64bit)
@ -284,6 +285,12 @@ fi
%endif
%changelog
* Fri Nov 25 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.17-9
- Type: bugfix
- ID: NA
- SUG: NA
- DESC: add primary group to additional groups
* Mon Nov 21 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.17-8
- Type: bugfix
- ID: NA