From 2a263d0b05790bd512eb91c5b1221266b23d1e09 Mon Sep 17 00:00:00 2001 From: Matt Heon Date: Tue, 1 Oct 2024 12:38:45 -0400 Subject: [PATCH] Validate the bind-propagation option to `--mount` Similar to github.com/containers/buildah/pull/5761 but not security critical as Podman does not have an expectation that mounts are scoped (the ability to write a --mount option is already the ability to mount arbitrary content into the container so sneaking arbitrary options into the mount doesn't have security implications). Still, bad practice to let users inject anything into the mount command line so let's not do that. Signed-off-by: Matt Heon --- pkg/specgenutil/volumes.go | 6 ++++++ test/e2e/run_volume_test.go | 4 ++++ 2 files changed, 10 insertions(+) diff --git a/pkg/specgenutil/volumes.go b/pkg/specgenutil/volumes.go index 510b11254b80..4f41c72e2f9b 100644 --- a/pkg/specgenutil/volumes.go +++ b/pkg/specgenutil/volumes.go @@ -272,6 +272,12 @@ func parseMountOptions(mountType string, args []string) (*spec.Mount, error) { if !hasValue { return nil, fmt.Errorf("%v: %w", name, errOptionArg) } + switch value { + case "shared", "rshared", "private", "rprivate", "slave", "rslave", "unbindable", "runbindable": + // Do nothing, sane value + default: + return nil, fmt.Errorf("invalid value %q for mount option", value) + } mnt.Options = append(mnt.Options, value) case "consistency": // Often used on MACs and mistakenly on Linux platforms. diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go index 4a4a7078e145..dd62846d34c0 100644 --- a/test/e2e/run_volume_test.go +++ b/test/e2e/run_volume_test.go @@ -122,6 +122,10 @@ var _ = Describe("Podman run with volumes", func() { session.WaitWithDefaultTimeout() Expect(session).To(ExitWithError(125, `"notmpcopyup" option not supported for "bind" mount types`)) + session = podmanTest.Podman([]string{"run", "--rm", "--mount", "type=bind,src=/tmp,target=/tmp,bind-propagation=fake", ALPINE, "true"}) + session.WaitWithDefaultTimeout() + Expect(session).To(ExitWithError(125, `invalid value "fake" for bind-propagation mount option`)) + session = podmanTest.Podman([]string{"run", "--rm", "--mount", "type=tmpfs,target=/etc/ssl,notmpcopyup", ALPINE, "ls", "/etc/ssl"}) session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly())