From 985b57d9f76b661562b845c2215d2e03283d038e Mon Sep 17 00:00:00 2001 From: Matt Heon Date: Tue, 1 Oct 2024 12:38:45 -0400 Subject: [PATCH] Validate the bind-propagation option to `--mount` Similar to github.com/containers/buildah/pull/5761 but not security critical as Podman does not have an expectation that mounts are scoped (the ability to write a --mount option is already the ability to mount arbitrary content into the container so sneaking arbitrary options into the mount doesn't have security implications). Still, bad practice to let users inject anything into the mount command line so let's not do that. Signed-off-by: Matt Heon --- pkg/specgenutil/volumes.go | 6 ++++++ test/e2e/run_volume_test.go | 4 ++++ 2 files changed, 10 insertions(+) diff --git a/pkg/specgenutil/volumes.go b/pkg/specgenutil/volumes.go index 510b11254b..d94aba887f 100644 --- a/pkg/specgenutil/volumes.go +++ b/pkg/specgenutil/volumes.go @@ -272,6 +272,12 @@ func parseMountOptions(mountType string, args []string) (*spec.Mount, error) { if !hasValue { return nil, fmt.Errorf("%v: %w", name, errOptionArg) } + switch value { + case "shared", "rshared", "private", "rprivate", "slave", "rslave", "unbindable", "runbindable": + // Do nothing, sane value + default: + return nil, fmt.Errorf("invalid value %q", arg) + } mnt.Options = append(mnt.Options, value) case "consistency": // Often used on MACs and mistakenly on Linux platforms. diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go index 4a4a7078e1..c3546a317d 100644 --- a/test/e2e/run_volume_test.go +++ b/test/e2e/run_volume_test.go @@ -122,6 +122,10 @@ var _ = Describe("Podman run with volumes", func() { session.WaitWithDefaultTimeout() Expect(session).To(ExitWithError(125, `"notmpcopyup" option not supported for "bind" mount types`)) + session = podmanTest.Podman([]string{"run", "--rm", "--mount", "type=bind,src=/tmp,target=/tmp,bind-propagation=fake", ALPINE, "true"}) + session.WaitWithDefaultTimeout() + Expect(session).To(ExitWithError(125, `invalid value "bind-propagation=fake"`)) + session = podmanTest.Podman([]string{"run", "--rm", "--mount", "type=tmpfs,target=/etc/ssl,notmpcopyup", ALPINE, "ls", "/etc/ssl"}) session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly())