c393080e52
+ 0010-CVE-2024-29018-libnet-Don-t-forward-to-upstream-reso.patch - Add backport for CVE-2024-23650 fix. bsc#1219437 - 0006-CVE-2024-23653-update-buildkit-to-include-CVE-patche.patch + 0006-CVE-2024-2365x-update-buildkit-to-include-CVE-patche.patch - Reorder and rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch * 0007-bsc1221916-update-to-patched-buildkit-version-to-fix.patch * 0008-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch * 0009-CVE-2024-41110-AuthZ-plugin-securty-fixes.patch - 0010-TESTS-backport-fixes-for-integration-tests.patch + 0011-TESTS-backport-fixes-for-integration-tests.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker-stable?expand=0&rev=16
55 lines
2.1 KiB
Diff
55 lines
2.1 KiB
Diff
From 12c8b7a22f7140b5b4d2c87a7e5d70da082fe558 Mon Sep 17 00:00:00 2001
|
|
From: Aleksa Sarai <cyphar@cyphar.com>
|
|
Date: Wed, 19 Jun 2024 16:30:49 +1000
|
|
Subject: [PATCH 08/11] bsc1214855: volume: use AtomicWriteFile to save volume
|
|
options
|
|
|
|
If the system (or Docker) crashes while saivng the volume options, on
|
|
restart the daemon will error out when trying to read the options file
|
|
because it doesn't contain valid JSON.
|
|
|
|
In such a crash scenario, the new volume will be treated as though it
|
|
has the default options configuration. This is not ideal, but volumes
|
|
created on very old Docker versions (pre-1.11[1], circa 2016) do not
|
|
have opts.json and so doing some kind of cleanup when loading the volume
|
|
store (even if we take care to only delete empty volumes) could delete
|
|
existing volumes carried over from very old Docker versions that users
|
|
would not expect to disappear.
|
|
|
|
Ultimately, if a user creates a volume and the system crashes, a volume
|
|
that has the wrong config is better than Docker not being able to start.
|
|
|
|
[1]: commit b05b2370757d ("Support mount opts for `local` volume driver")
|
|
|
|
SUSE-Bugs: https://bugzilla.suse.com/show_bug.cgi?id=1214855
|
|
(Cherry-picked from commit b4c20da143502e5fc21cc4996b63e83691c515bf.)
|
|
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
|
|
---
|
|
volume/local/local.go | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/volume/local/local.go b/volume/local/local.go
|
|
index b4f3a3669a84..077b26f1b813 100644
|
|
--- a/volume/local/local.go
|
|
+++ b/volume/local/local.go
|
|
@@ -16,6 +16,7 @@ import (
|
|
"github.com/docker/docker/daemon/names"
|
|
"github.com/docker/docker/errdefs"
|
|
"github.com/docker/docker/pkg/idtools"
|
|
+ "github.com/docker/docker/pkg/ioutils"
|
|
"github.com/docker/docker/quota"
|
|
"github.com/docker/docker/volume"
|
|
"github.com/pkg/errors"
|
|
@@ -381,7 +382,7 @@ func (v *localVolume) saveOpts() error {
|
|
if err != nil {
|
|
return err
|
|
}
|
|
- err = os.WriteFile(filepath.Join(v.rootPath, "opts.json"), b, 0600)
|
|
+ err = ioutils.AtomicWriteFile(filepath.Join(v.rootPath, "opts.json"), b, 0o600)
|
|
if err != nil {
|
|
return errdefs.System(errors.Wrap(err, "error while persisting volume options"))
|
|
}
|
|
--
|
|
2.47.1
|
|
|