Affected by GO-2024-2653 and 13 other vulnerabilities

GO-2024-2653: HTTP policy bypass in github.com/cilium/cilium

GO-2024-2656: Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium

GO-2024-2657: Unencrypted traffic between nodes with WireGuard in github.com/cilium/cilium

GO-2024-2666: Insecure IPsec transparent encryption in github.com/cilium/cilium

GO-2024-2922: Cilium leaks sensitive information in cilium-bugtool in github.com/cilium/cilium

GO-2024-3071: Gateway API route matching order contradicts specification in github.com/cilium/cilium

GO-2024-3072: Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium

GO-2024-3074: Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API in github.com/cilium/cilium

GO-2024-3208: Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present in github.com/cilium/cilium

GO-2025-3415: DoS in Cilium agent DNS proxy from crafted DNS responses in github.com/cilium/cilium

GO-2025-3416: Cilium has an information leakage via insecure default Hubble UI CORS header in github.com/cilium/cilium

GO-2025-3560: Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers in github.com/cilium/cilium

GO-2025-3635: In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters in github.com/cilium/cilium

GO-2025-4167: Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic in Ciliumgithub.com/cilium/cilium

cgroups

package

v1.15.0 Latest Latest Go to latest Published: Jan 31, 2024 License: Apache-2.0 Imports: 9 Imported by: 10

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/cilium/cilium

Links

Documentation ¶

Rendered for

Index ¶

func CheckOrMountCgrpFS(mapRoot string)
func GetCgroupID(cgroupPath string) (uint64, error)
func GetCgroupRoot() string

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CheckOrMountCgrpFS ¶

func CheckOrMountCgrpFS(mapRoot string)

CheckOrMountCgrpFS this checks if the cilium cgroup2 root mount point is mounted and if not mounts it. If mapRoot is "" it will mount the default location. It is harmless to have multiple cgroupv2 root mounts so unlike BPFFS case we simply mount at the cilium default regardless if the system has another mount created by systemd or otherwise.

func GetCgroupID ¶

func GetCgroupID(cgroupPath string) (uint64, error)

func GetCgroupRoot ¶

func GetCgroupRoot() string

GetCgroupRoot returns the path for the cgroupv2 mount

Types ¶

This section is empty.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
manager

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL