Affected by GO-2022-0344 and 10 other vulnerabilities

GO-2022-0344: containerd CRI plugin: Insecure handling of image volumes in github.com/containerd/containerd

GO-2022-0360: Ambiguous OCI manifest parsing in github.com/containerd/containerd

GO-2022-0482: containerd CRI plugin: Host memory exhaustion through ExecSync in github.com/containerd/containerd

GO-2022-0784: containerd-shim API Exposed to Host Network Containers in github.com/containerd/containerd

GO-2022-0803: containerd v1.2.x can be coerced into leaking credentials during image pull in github.com/containerd/containerd

GO-2022-0921: Archive package allows chmod of file outside of unpack target directory in github.com/containerd/containerd

GO-2022-0938: Insufficiently restricted permissions on plugin directories in github.com/containerd/containerd

GO-2022-1147: containerd CRI stream server vulnerable to host memory exhaustion via terminal in github.com/containerd/containerd

GO-2025-3528: containerd has an integer overflow in User ID handling in github.com/containerd/containerd

GO-2025-4100: containerd affected by a local privilege escalation via wide permissions on CRI directory in github.com/containerd/containerd

GO-2025-4108: containerd CRI server: Host memory exhaustion through Attach goroutine leak in github.com/containerd/containerd

The highest tagged major version is v2.

shim

package

v1.2.8 Latest Latest Go to latest Published: Aug 22, 2019 License: Apache-2.0 Imports: 27 Imported by: 755

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/containerd/containerd

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

func AnonDialer(address string, timeout time.Duration) (net.Conn, error)
func BinaryName(runtime string) string
func Command(ctx context.Context, runtime, containerdAddress, path string, ...) (*exec.Cmd, error)
func Connect(address string, d func(string, time.Duration) (net.Conn, error)) (net.Conn, error)
func NewSocket(address string) (*net.UnixListener, error)
func Run(id string, initFunc Init)
func SetScore(pid int) error
func SocketAddress(ctx context.Context, id string) (string, error)
func WriteAddress(path, address string) error
func WritePidFile(path string, pid int) error
type Client
- func NewShimClient(ctx context.Context, svc shimapi.TaskService, signals chan os.Signal) *Client
- func (s *Client) Serve() error
type Init
type Opts
type OptsKey
type Shim

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AnonDialer ¶

func AnonDialer(address string, timeout time.Duration) (net.Conn, error)

AnonDialer returns a dialer for an abstract socket

func BinaryName ¶

func BinaryName(runtime string) string

BinaryName returns the shim binary name from the runtime name, empty string returns means runtime name is invalid

func Command ¶

func Command(ctx context.Context, runtime, containerdAddress, path string, cmdArgs ...string) (*exec.Cmd, error)

Command returns the shim command with the provided args and configuration

func Connect ¶

func Connect(address string, d func(string, time.Duration) (net.Conn, error)) (net.Conn, error)

Connect to the provided address

func NewSocket ¶

func NewSocket(address string) (*net.UnixListener, error)

NewSocket returns a new socket

func Run ¶

func Run(id string, initFunc Init)

Run initializes and runs a shim server

func SetScore ¶

func SetScore(pid int) error

SetScore sets the oom score for a process

func SocketAddress ¶

func SocketAddress(ctx context.Context, id string) (string, error)

SocketAddress returns an abstract socket address

func WriteAddress ¶

func WriteAddress(path, address string) error

WriteAddress writes a address file atomically

func WritePidFile ¶

func WritePidFile(path string, pid int) error

WritePidFile writes a pid file atomically

Types ¶

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

Client for a shim server

func NewShimClient ¶

func NewShimClient(ctx context.Context, svc shimapi.TaskService, signals chan os.Signal) *Client

NewShimClient creates a new shim server client

func (*Client) Serve ¶

func (s *Client) Serve() error

Serve the shim server

type Init ¶

type Init func(context.Context, string, events.Publisher) (Shim, error)

Init func for the creation of a shim server

type Opts ¶

type Opts struct {
	BundlePath string
	Debug      bool
}

Opts are context options associated with the shim invocation.

type OptsKey ¶

type OptsKey struct{}

OptsKey is the context key for the Opts value.

type Shim ¶

type Shim interface {
	shimapi.TaskService
	Cleanup(ctx context.Context) (*shimapi.DeleteResponse, error)
	StartShim(ctx context.Context, id, containerdBinary, containerdAddress string) (string, error)
}

Shim server interface

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL