Affected by GO-2022-0344
and 13 other vulnerabilities
GO-2022-0344 : containerd CRI plugin: Insecure handling of image volumes in github.com/containerd/containerd
GO-2022-0360 : Ambiguous OCI manifest parsing in github.com/containerd/containerd
GO-2022-0482 : containerd CRI plugin: Host memory exhaustion through ExecSync in github.com/containerd/containerd
GO-2022-0784 : containerd-shim API Exposed to Host Network Containers in github.com/containerd/containerd
GO-2022-0803 : containerd v1.2.x can be coerced into leaking credentials during image pull in github.com/containerd/containerd
GO-2022-0921 : Archive package allows chmod of file outside of unpack target directory in github.com/containerd/containerd
GO-2022-0938 : Insufficiently restricted permissions on plugin directories in github.com/containerd/containerd
GO-2022-1147 : containerd CRI stream server vulnerable to host memory exhaustion via terminal in github.com/containerd/containerd
GO-2025-3528 : containerd has an integer overflow in User ID handling in github.com/containerd/containerd
GO-2025-4100 : containerd affected by a local privilege escalation via wide permissions on CRI directory in github.com/containerd/containerd
GO-2025-4108 : containerd CRI server: Host memory exhaustion through Attach goroutine leak in github.com/containerd/containerd
GO-2026-5064 : containerd CRI checkpoint restore CDI annotation smuggling in github.com/containerd/containerd
GO-2026-5338 : containerd: CRI checkpoint import allows local image tag poisoning in github.com/containerd/containerd
GO-2026-5622 : Arbitrary host CRI log file read via symlink following in CRI checkpoint restore in github.com/containerd/containerd
The highest tagged major version is
v2 .
Discover Packages
github.com/containerd/containerd
sys
package
Version:
v1.0.0-alpha0
Opens a new window with list of versions in this module.
Published: Jul 13, 2017
License: Apache-2.0, CC-BY-SA-4.0
Opens a new window with license information.
Imports: 10
Opens a new window with list of imports.
Imported by: 1,197
Opens a new window with list of known importers.
Documentation
Documentation
¶
Rendered for
linux/amd64
windows/amd64
darwin/amd64
js/wasm
Constants
func CreateUnixSocket(path string) (net.Listener, error)
func EpollCreate1(flag int) (int, error)
func EpollCtl(epfd int, op int, fd int, event *unix.EpollEvent) error
func EpollWait(epfd int, events []unix.EpollEvent, msec int) (int, error)
func GetLocalListener(path string, uid, gid int) (net.Listener, error)
func GetOpenFds(pid int) (int, error)
func GetSubreaper() (int, error)
func GetSystemCPUUsage() (uint64, error)
func SetOOMScore(pid, score int) error
func SetSubreaper(i int) error
type Exit
OOMScoreMaxKillable is the maximum score keeping the process killable by the oom killer
CreateUnixSocket creates a unix socket and returns the listener
EpollCreate1 directly calls unix.EpollCreate1
EpollCtl directly calls unix.EpollCtl
EpollWait directly calls unix.EpollWait
GetLocalListener returns a listerner out of a unix socket.
GetOpenFds returns the number of open fds for the process provided by pid
GetSubreaper returns the subreaper setting for the calling process
GetSystemCPUUsage returns the host system's cpu usage in
nanoseconds. An error is returned if the format of the underlying
file does not match.
Uses /proc/stat defined by POSIX. Looks for the cpu
statistics line and then sums up the first seven fields
provided. See `man 5 proc` for details on specific field
information.
SetOOMScore sets the oom score for the provided pid
SetSubreaper sets the value i as the subreaper setting for the calling process
type Exit struct {
Pid int
Status int
}
Exit is the wait4 information from an exited process
Reap reaps all child processes for the calling process and returns their
exit information
Source Files
¶
Click to show internal directories.
Click to hide internal directories.