Affected by GO-2022-0390 and 6 other vulnerabilities

GO-2022-0390: Moby (Docker Engine) started with non-empty inheritable Linux process capabilities in github.com/docker/docker

GO-2022-0985: Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions in github.com/docker/docker

GO-2022-1107: Container build can leak any path on the host into the container in github.com/docker/docker

GO-2023-1699: Docker Swarm encrypted overlay network may be unauthenticated in github.com/docker/docker

GO-2023-1700: Docker Swarm encrypted overlay network traffic may be unencrypted in github.com/docker/docker

GO-2023-1701: Docker Swarm encrypted overlay network with a single endpoint is unauthenticated in github.com/docker/docker

GO-2024-2914: Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing in github.com/docker/docker

quota

package

v1.13.0 Latest Latest Go to latest Published: Jan 17, 2017 License: Apache-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/docker/docker

Links

Open Source Insights

Documentation ¶

Index ¶

type Control
- func NewControl(basePath string) (*Control, error)
- func (q *Control) GetQuota(targetPath string, quota *Quota) error
- func (q *Control) SetQuota(targetPath string, quota Quota) error
type Quota

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Control ¶

type Control struct {
	// contains filtered or unexported fields
}

Control - Context to be used by storage driver (e.g. overlay) who wants to apply project quotas to container dirs

func NewControl ¶

func NewControl(basePath string) (*Control, error)

NewControl - initialize project quota support. Test to make sure that quota can be set on a test dir and find the first project id to be used for the next container create.

Returns nil (and error) if project quota is not supported.

First get the project id of the home directory. This test will fail if the backing fs is not xfs.

xfs_quota tool can be used to assign a project id to the driver home directory, e.g.:

echo 999:/var/lib/docker/overlay2 >> /etc/projects
echo docker:999 >> /etc/projid
xfs_quota -x -c 'project -s docker' /<xfs mount point>

In that case, the home directory project id will be used as a "start offset" and all containers will be assigned larger project ids (e.g. >= 1000). This is a way to prevent xfs_quota management from conflicting with docker.

Then try to create a test directory with the next project id and set a quota on it. If that works, continue to scan existing containers to map allocated project ids.

func (*Control) GetQuota ¶

func (q *Control) GetQuota(targetPath string, quota *Quota) error

GetQuota - get the quota limits of a directory that was configured with SetQuota

func (*Control) SetQuota ¶

func (q *Control) SetQuota(targetPath string, quota Quota) error

SetQuota - assign a unique project id to directory and set the quota limits for that project id

type Quota ¶

type Quota struct {
	Size uint64
}

Quota limit params - currently we only control blocks hard limit

Source Files ¶

View all Source files

projectquota.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL