go.modgo.sumclientconn.gocodec.godialoptions.gomodules.txt
vendor
github.com
charmbracelet
cpuguy83
cyphar
filepath-securejoin
docker
cli
cli-plugins
cli
command
compose
interpolation
loader
schema
template
types
config
credentials
context
error.gorequired.gotrust
opts
pkg
kvfile
templates
docker
grpc-ecosystem
grpc-gateway
v2
runtime
prometheus
go.opentelemetry.io
auto
sdk
contrib
instrumentation
net
http
otelhttp
otel
.golangci.ymlCHANGELOG.mdMakefileVERSIONING.md
baggage
codes
exporters
otlp
otlpmetric
otlpmetricgrpc
otlptrace
internal
sdk
trace
version.goversions.yamlproto
otlp
metrics
golang.org
x
crypto
ssh
exp
net
sys
unix
zerrors_linux.gozerrors_linux_386.gozerrors_linux_amd64.gozerrors_linux_arm.gozerrors_linux_arm64.gozerrors_linux_loong64.gozerrors_linux_mips.gozerrors_linux_mips64.gozerrors_linux_mips64le.gozerrors_linux_mipsle.gozerrors_linux_ppc.gozerrors_linux_ppc64.gozerrors_linux_ppc64le.gozerrors_linux_riscv64.gozerrors_linux_s390x.gozerrors_linux_sparc64.goztypes_darwin_amd64.goztypes_darwin_arm64.goztypes_linux.go
windows
google.golang.org
genproto
googleapis
grpc
balancer
balancer_wrapper.gobinarylog
grpc_binarylog_v1
experimental
grpclog
internal
health
grpc_health_v1
internal
mem
preloader.goresolver
rpc_util.goserver.goservice_config.gostats
stream.goversion.goprotobuf
internal
editiondefaults
errors
filedesc
genid
impl
api_export_opaque.gobitmap.gobitmap_race.gocheckinit.gocodec_field_opaque.gocodec_message.gocodec_message_opaque.godecode.goencode.golazy.gomerge.gomessage.gomessage_opaque.gomessage_opaque_gen.gomessage_reflect.gomessage_reflect_field.gomessage_reflect_field_gen.gopointer_unsafe.gopointer_unsafe_opaque.gopresence.govalidate.go
protolazy
version
proto
reflect
protoreflect
runtime
types
known
anypb
durationpb
fieldmaskpb
structpb
timestamppb
wrapperspb
30
vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go
generated
vendored
30
vendor/github.com/cyphar/filepath-securejoin/procfs_linux.go
generated
vendored
@ -12,7 +12,6 @@ import (
|
||||
"os"
|
||||
"runtime"
|
||||
"strconv"
|
||||
"sync"
|
||||
|
||||
"golang.org/x/sys/unix"
|
||||
)
|
||||
@ -54,7 +53,7 @@ func verifyProcRoot(procRoot *os.File) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
var hasNewMountApi = sync.OnceValue(func() bool {
|
||||
var hasNewMountApi = sync_OnceValue(func() bool {
|
||||
// All of the pieces of the new mount API we use (fsopen, fsconfig,
|
||||
// fsmount, open_tree) were added together in Linux 5.1[1,2], so we can
|
||||
// just check for one of the syscalls and the others should also be
|
||||
@ -192,11 +191,11 @@ func doGetProcRoot() (*os.File, error) {
|
||||
return procRoot, err
|
||||
}
|
||||
|
||||
var getProcRoot = sync.OnceValues(func() (*os.File, error) {
|
||||
var getProcRoot = sync_OnceValues(func() (*os.File, error) {
|
||||
return doGetProcRoot()
|
||||
})
|
||||
|
||||
var hasProcThreadSelf = sync.OnceValue(func() bool {
|
||||
var hasProcThreadSelf = sync_OnceValue(func() bool {
|
||||
return unix.Access("/proc/thread-self/", unix.F_OK) == nil
|
||||
})
|
||||
|
||||
@ -265,12 +264,20 @@ func procThreadSelf(procRoot *os.File, subpath string) (_ *os.File, _ procThread
|
||||
Resolve: unix.RESOLVE_BENEATH | unix.RESOLVE_NO_XDEV | unix.RESOLVE_NO_MAGICLINKS,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("%w: %w", errUnsafeProcfs, err)
|
||||
// TODO: Once we bump the minimum Go version to 1.20, we can use
|
||||
// multiple %w verbs for this wrapping. For now we need to use a
|
||||
// compatibility shim for older Go versions.
|
||||
//err = fmt.Errorf("%w: %w", errUnsafeProcfs, err)
|
||||
return nil, nil, wrapBaseError(err, errUnsafeProcfs)
|
||||
}
|
||||
} else {
|
||||
handle, err = openatFile(procRoot, threadSelf+subpath, unix.O_PATH|unix.O_NOFOLLOW|unix.O_CLOEXEC, 0)
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("%w: %w", errUnsafeProcfs, err)
|
||||
// TODO: Once we bump the minimum Go version to 1.20, we can use
|
||||
// multiple %w verbs for this wrapping. For now we need to use a
|
||||
// compatibility shim for older Go versions.
|
||||
//err = fmt.Errorf("%w: %w", errUnsafeProcfs, err)
|
||||
return nil, nil, wrapBaseError(err, errUnsafeProcfs)
|
||||
}
|
||||
defer func() {
|
||||
if Err != nil {
|
||||
@ -289,12 +296,17 @@ func procThreadSelf(procRoot *os.File, subpath string) (_ *os.File, _ procThread
|
||||
return handle, runtime.UnlockOSThread, nil
|
||||
}
|
||||
|
||||
var hasStatxMountId = sync.OnceValue(func() bool {
|
||||
// STATX_MNT_ID_UNIQUE is provided in golang.org/x/sys@v0.20.0, but in order to
|
||||
// avoid bumping the requirement for a single constant we can just define it
|
||||
// ourselves.
|
||||
const STATX_MNT_ID_UNIQUE = 0x4000
|
||||
|
||||
var hasStatxMountId = sync_OnceValue(func() bool {
|
||||
var (
|
||||
stx unix.Statx_t
|
||||
// We don't care which mount ID we get. The kernel will give us the
|
||||
// unique one if it is supported.
|
||||
wantStxMask uint32 = unix.STATX_MNT_ID_UNIQUE | unix.STATX_MNT_ID
|
||||
wantStxMask uint32 = STATX_MNT_ID_UNIQUE | unix.STATX_MNT_ID
|
||||
)
|
||||
err := unix.Statx(-int(unix.EBADF), "/", 0, int(wantStxMask), &stx)
|
||||
return err == nil && stx.Mask&wantStxMask != 0
|
||||
@ -310,7 +322,7 @@ func getMountId(dir *os.File, path string) (uint64, error) {
|
||||
stx unix.Statx_t
|
||||
// We don't care which mount ID we get. The kernel will give us the
|
||||
// unique one if it is supported.
|
||||
wantStxMask uint32 = unix.STATX_MNT_ID_UNIQUE | unix.STATX_MNT_ID
|
||||
wantStxMask uint32 = STATX_MNT_ID_UNIQUE | unix.STATX_MNT_ID
|
||||
)
|
||||
|
||||
err := unix.Statx(int(dir.Fd()), path, unix.AT_EMPTY_PATH|unix.AT_SYMLINK_NOFOLLOW, int(wantStxMask), &stx)
|
||||
|
||||
Reference in New Issue
Block a user