Use getenv not secure_getenv
secure_getenv is a Glibc extension and so this code does not compile on Musl libc any more after this patch. secure_getenv is only intended to be used in setuid binaries, in order that they should not trust their environment. It simply returns NULL if the binary is running setuid. If runc was installed setuid, the user can already do anything as root, so it is game over, so this check is not needed. Signed-off-by: Justin Cormack <justin.cormack@docker.com>
parent
2b18fe1d88
commit
6f714aa928
|
@ -249,7 +249,7 @@ static int make_execfd(int *fdtype)
|
||||||
{
|
{
|
||||||
int fd = -1;
|
int fd = -1;
|
||||||
char template[PATH_MAX] = {0};
|
char template[PATH_MAX] = {0};
|
||||||
char *prefix = secure_getenv("_LIBCONTAINER_STATEDIR");
|
char *prefix = getenv("_LIBCONTAINER_STATEDIR");
|
||||||
|
|
||||||
if (!prefix || *prefix != '/')
|
if (!prefix || *prefix != '/')
|
||||||
prefix = "/tmp";
|
prefix = "/tmp";
|
||||||
|
@ -351,7 +351,7 @@ static int try_bindfd(void)
|
||||||
{
|
{
|
||||||
int fd, ret = -1;
|
int fd, ret = -1;
|
||||||
char template[PATH_MAX] = {0};
|
char template[PATH_MAX] = {0};
|
||||||
char *prefix = secure_getenv("_LIBCONTAINER_STATEDIR");
|
char *prefix = getenv("_LIBCONTAINER_STATEDIR");
|
||||||
|
|
||||||
if (!prefix || *prefix != '/')
|
if (!prefix || *prefix != '/')
|
||||||
prefix = "/tmp";
|
prefix = "/tmp";
|
||||||
|
|
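Review bot: Both changed call sites (in make_execfd and in try_bindfd) now read `_LIBCONTAINER_STATEDIR` with plain getenv, and the only validation visible in either hunk is that the value starts with `/`. secure_getenv returns NULL whenever the process runs in secure-execution mode, which covers setgid binaries and binaries carrying file capabilities as well as setuid ones, so the description's setuid-root argument may not cover every case the old call guarded. The guard can be kept while still building on musl by adding, right after each getenv call, something like `if (getauxval(AT_SECURE)) prefix = NULL;` (from `<sys/auxv.h>`). If the plain getenv is kept, each site deserves a comment such as `/* caller-controlled; only checked for being an absolute path */`. Both function bodies continue outside the hunks, so how prefix is used afterwards is not visible here.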