Affected by GO-2022-0457 and 12 other vulnerabilities

GO-2022-0457: Access to Unix domain socket can lead to privileges escalation in Cilium in github.com/cilium/cilium

GO-2022-0458: Improper Privilege Management in Cilium in github.com/cilium/cilium

GO-2022-0959: Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels in github.com/cilium/cilium

GO-2023-1643: Potential network policy bypass when routing IPv6 traffic in github.com/cilium/cilium

GO-2023-1785: Potential HTTP policy bypass when using header rules in Cilium in github.com/cilium/cilium

GO-2023-2078: Kubernetes users may update Pod labels to bypass network policy in github.com/cilium/cilium

GO-2023-2079: Specific Cilium configurations vulnerable to DoS via Kubernetes annotations in github.com/cilium/cilium

GO-2023-2080: Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy in github.com/cilium/cilium

GO-2024-2656: Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium

GO-2024-2666: Insecure IPsec transparent encryption in github.com/cilium/cilium

GO-2024-3072: Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium

GO-2025-4167: Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic in Ciliumgithub.com/cilium/cilium

GO-2026-4856: Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic in github.com/cilium/cilium

lockfile

package

v0.15.7 Latest Latest Go to latest Published: Aug 31, 2023 License: Apache-2.0 Imports: 4 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/cilium/cilium

Links

Documentation ¶

Rendered for

Overview ¶

SPDX-License-Identifier: Apache-2.0 Copyright Authors of Cilium

Index ¶

Constants
type Lockfile
- func NewLockfile(path string) (*Lockfile, error)

Constants ¶

View Source

const (
	SETLK  = 37 // F_OFD_SETLK
	SETLKW = 38 // F_OFD_SETLKW
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Lockfile ¶

type Lockfile struct {
	// contains filtered or unexported fields
}

Lockfile is a simple wrapper around POSIX file locking but it uses Linux's per-fd locks, which makes it safe to use within the same process

func NewLockfile ¶

func NewLockfile(path string) (*Lockfile, error)

NewLockfile creates and opens a lockfile, but does not acquire a lock.

func (*Lockfile) Close ¶

func (l *Lockfile) Close() error

Close will close the file, which implicitly removes all locks held. It is an error to re-use a closed Lockfile.

func (*Lockfile) Lock ¶

func (l *Lockfile) Lock(ctx context.Context, exclusive bool) error

Lock will attempt to take a lock, blocking until it is able to do so. If exclusive is true, then it will obtain a write, or exclusive, lock

func (*Lockfile) TryLock ¶

func (l *Lockfile) TryLock(exclusive bool) error

TryLock will attempt to take a lock, returining error if it is not possible to acquire the lock. If exclusive is true, then it will attempt to obtain a write, or exclusive, lock

func (*Lockfile) Unlock ¶

func (l *Lockfile) Unlock() error

Unlock removes the lock, but keeps the file open.

Source Files ¶

View all Source files

lockfile_linux.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL