InTheForest/moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2026-01-11 18:51:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
a3fef5debcb0447b84cf87d4cf9494a4cb3287b5
moby/internal
History
Cesar Talledo a3fef5debc Mask Linux thermal interrupt info in /proc and /sys. 
On Linux, mask "/proc/interrupts" and "/sys/devices/system/cpu/cpu<x>/thermal_throttle"
inside containers by default. Privileged containers or containers started
with --security-opt="systempaths=unconfined" are not affected.

Mitigates potential Thermal Side-Channel Vulnerability Exploit
(https://github.com/moby/moby/security/advisories/GHSA-6fw5-f8r9-fgfm).

Also: improve integration test TestCreateWithCustomMaskedPaths() to ensure
default masked paths don't apply to privileged containers.

Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
2025-03-10 17:18:10 -07:00
..
cleanups
internal/cleanups: fix non-constant format string in call (govet)
2024-08-27 10:23:39 +02:00
containerfs
pkg/containerfs: move to internal
2024-06-30 19:13:23 +02:00
directory
pkg/directory: deprecate, and move to internal
2024-07-01 20:44:31 +02:00
ioutils
tarexport: Plumb ctx, add OTEL spans, handle cancellation
2024-05-14 13:08:33 +02:00
lazyregexp
implement lazyregexp package
2025-01-02 21:37:11 +01:00
metrics
daemon/events: Move metrics to internal/metrics
2025-01-07 14:13:10 +01:00
mod
internal/mod: fix naked returns
2025-03-04 13:55:45 +01:00
modprobe
Use ioctl to try to trigger kernel module loads
2024-12-06 10:27:24 +00:00
mounttree
Add reusable chroot and unshare utilities
2022-10-26 12:06:31 -04:00
multierror
Add a temporary drop-in replacement for errors.Join
2023-08-16 16:18:41 +02:00
nlwrap
Send unsolicited ARP/NA requests when bringing up interfaces
2025-01-22 16:59:27 +00:00
opts
Allow IPv4 and IPv6 host-gateway-ip addresses
2024-11-26 11:47:31 +00:00
otelutil
otel: Use non-noop tracer provider for grpc
2024-12-12 19:31:00 +01:00
platform
Mask Linux thermal interrupt info in /proc and /sys.
2025-03-10 17:18:10 -07:00
rootless
remove redundant alias for runtime-spec
2024-10-26 18:31:39 +02:00
safepath
chore: fix some function names
2024-10-28 18:20:43 +08:00
sliceutil
update go:build tags to use go1.22
2024-11-12 14:02:09 +01:00
test/suite
Wire up tests to support otel tracing
2023-09-07 18:38:22 +00:00
testutils
client: Change ImageLoad to use functional options
2025-02-14 14:25:37 +01:00
tools
remove some remaining pre-go1.17 build-tags
2023-08-24 17:51:07 +02:00
unix_noeintr
internal/unix_noeintr: fix naked returns
2025-03-04 13:55:45 +01:00
unshare
remove some remaining pre-go1.17 build-tags
2023-08-24 17:51:07 +02:00
usergroup
Split internal idtools functionality
2025-01-07 11:18:46 -08:00