Add minimum rust version requirement to libcgroups and libcontainers #626
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
YJDoc2
force-pushed
the
add_rust_min_v
branch
from
bc80fec to
05162e2
Compare
|
@utam0k PTAL |
utam0k
reviewed
Jan 21, 2022
…due to CVE-2022-21658
YJDoc2
force-pushed
the
add_rust_min_v
branch
from
05162e2 to
a840866
Compare
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
CVE-2022-21658 was announced today which affects the rust std::fs::remove_dir_all function, where due to a race condition, a non-privileged process can request a privileged process to delete a dir which they do not have permission to delete. More information on this can be found at https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html
Youki uses this function in libcgroups and libcontainer, where it is used to either remove a cgroup or remove a container bundle dir. Thus this PR adds
rust-versionfield to both of these, and sets it to1.58.1which has a patch for this CVE. Now to compile youki one must have rust compiler of version at least1.58.1or newer. If tried to compile with previous version, it will give a compile time error.This also changes the rust versions in the CI rust matrix to be compatible with this.