Affected by GO-2026-5064 and 5 other vulnerabilities

GO-2026-5064: containerd CRI checkpoint restore CDI annotation smuggling in github.com/containerd/containerd

GO-2026-5338: containerd: CRI checkpoint import allows local image tag poisoning in github.com/containerd/containerd

GO-2026-5378: containerd user ID handling bypass allows runAsNonRoot evasion in github.com/containerd/containerd

GO-2026-5475: containerd image-triggered runtime DoS via unbounded group parsing in github.com/containerd/containerd

GO-2026-5622: Arbitrary host CRI log file read via symlink following in CRI checkpoint restore in github.com/containerd/containerd

GO-2026-5758: containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull in github.com/containerd/containerd

The highest tagged major version is v2.

overlay

package

v1.7.31 Latest Latest Go to latest Published: Apr 14, 2026 License: Apache-2.0 Imports: 4 Imported by: 7

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/containerd/containerd

Links

Documentation ¶

Index ¶

type Config

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Config ¶

type Config struct {
	// Root directory for the plugin
	RootPath      string `toml:"root_path"`
	UpperdirLabel bool   `toml:"upperdir_label"`
	SyncRemove    bool   `toml:"sync_remove"`

	// MountOptions are options used for the overlay mount (not used on bind mounts)
	MountOptions []string `toml:"mount_options"`
}

Config represents configuration for the overlay plugin.

Source Files ¶

View all Source files

plugin.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL