Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v4.4.1-rhel] remote,build: error if containerignore is symlink #20991

Closed
wants to merge 1 commit into from
Closed

[v4.4.1-rhel] remote,build: error if containerignore is symlink #20991

wants to merge 1 commit into from

Conversation

TomSweeneyRedHat
Copy link
Member

Drop support for remote use-cases when .containerignore or .dockerignore is a symlink pointing to arbitrary location on host.

Addresses: https://issues.redhat.com/browse/RHEL-13468 and
https://issues.redhat.com/browse/RHEL-16395
CVE-2022-4122

Picked from #16315

Does this PR introduce a user-facing change?

None

@flouthoc @TomSweeneyRedHat
[v4.4.1-rhel] remote,build: error if containerignore is symlink
85422b6 
Drop support for remote use-cases when `.containerignore` or
`.dockerignore` is a symlink pointing to arbitrary location on host.

Addresses: https://issues.redhat.com/browse/RHEL-13468 and
           https://issues.redhat.com/browse/RHEL-16395
           CVE-2022-4122

Signed-off-by: Aditya R <[email protected]>
Signed-off-by: TomSweeneyRedHat <[email protected]>
@github-actions github-actions bot added the kind/api-change Change to remote API; merits scrutiny label Dec 11, 2023
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Dec 11, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: TomSweeneyRedHat

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 11, 2023
@TomSweeneyRedHat
Copy link
Member Author

@cevich does this branch have viable tests still? @flouthoc do you by chance know what might be going on with the tests here?

@cevich
Copy link
Member

cevich commented Dec 13, 2023

Hrmmm, yes it's enabled and monitored. The most recent branch-level run happened and passed. Investigating...

@cevich
Copy link
Member

cevich commented Dec 13, 2023

Ahh, [Fail] Podman search [It] podman search image, is a common (suspected) quay.io flake.

I noticed other branches had switched the tests to use a different image. So it's possible/maybe something is broken just with quay.io/libpod/whalesay? When I run a search against it locally, I also get zero output. But this exact problem was happening at some point on other branches with different images so 🤷‍♂️

@edsantiago does any of this jive with your knowledge or recollection? Is it fixed or still an ongoing problem do you know?

@edsantiago
Copy link
Member

I'm guessing this is a takeover of #20906 in the absence of @lsm5? If so, see that PR for the solution. In particular, see the emergency-ci-fix commit.

@cevich
Copy link
Member

cevich commented Dec 13, 2023

Thanks Ed, I knew this problem seemed familiar somehow, thanks for connecting the dots 🤣

@TomSweeneyRedHat
Copy link
Member Author

Thanks @edsantiago and @cevich I'd completely forgotten @lsm5 had submitted that. Too many balls up in the air. I'm going to close this and we'll chase down the error in the other PR>

@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Mar 13, 2024
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 13, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/api-change Change to remote API; merits scrutiny locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. release-note-none
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@TomSweeneyRedHat @cevich @edsantiago @flouthoc