secureopen

package
v0.37.0
Warning

This package is not in the latest version of its module.

Published: Jan 30, 2025 | License: Apache-2.0 | Imports: 7 | Imported by: 0

Documentation

Overview

Package secureopen provides a way to securely open a file in a container while checking that the path does not resolve outside of the container rootfs.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func OpenInContainer

func OpenInContainer(containerPid uint32, unsafePath string) (*os.File, error)

OpenInContainer opens the given path in the given container referenced by containerPid in read-only mode.

The resulting open file is guaranteed to be:
- inside the provided container
- a regular file
- opened without following magic links from procfs

It relies on openat2 with RESOLVE_IN_ROOT | RESOLVE_NO_MAGICLINKS flags.

Requires Linux 5.6 for openat2: https://github.com/torvalds/linux/commit/fddb5d430ad9fa91b49b1d34d0202ffe2fa0e179

func ReadFileInContainer

func ReadFileInContainer(containerPid uint32, unsafePath string, limitBytes int64) ([]byte, error)

ReadFileInContainer reads the named file and returns the contents.

This is similar to os.ReadFile() except the file is opened with OpenInContainer().

Types

This section is empty.
