by @fricklerhandwerk Activity log
- Created automatic suggestion
- @fricklerhandwerk dismissed
Podman: buildah: cri-o: fips crypto-policy directory mounting issue in containers/common go library
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.
Affected products
- *
- *
- *
- *
- *
- <0.60.4
Matching in nixpkgs
pkgs.cri-o
Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface
pkgs.podman
Program for managing pods, containers and container images
pkgs.buildah
Tool which facilitates building OCI images
pkgs.podman-tui
Podman Terminal UI
pkgs.podman-compose
Implementation of docker-compose with podman backend
pkgs.podman-desktop
A graphical tool for developing on containers and Kubernetes
pkgs.cri-o-unwrapped
Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface
pkgs.buildah-unwrapped
Tool which facilitates building OCI images
pkgs.nomad-driver-podman
Podman task driver for Nomad
pkgs.python311Packages.podman
Python bindings for Podman's RESTful API
Package maintainers
-
@saschagrunert Sascha Grunert <mail@saschagrunert.de>
-
@vdemeester Vincent Demeester <vincent@sbr.pm>
-
@cpcloud Phillip Cloud
-
@sikmir Nikolay Korotkiy <sikmir@disroot.org>
-
@booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>
-
@panda2134 panda2134 <me+nixpkgs@panda2134.site>
-
@aaronjheng Aaron Jheng <wentworth@outlook.com>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>