Affected by GO-2026-4883 and 4 other vulnerabilities

GO-2026-4883: Moby has an Off-by-one error in its plugin privilege validation in github.com/docker/docker

GO-2026-4887: Moby has AuthZ plugin bypass when provided oversized request bodies in github.com/docker/docker

GO-2026-5617: Docker: Race condition in docker cp allows bind mount redirection to host path in github.com/docker/docker

GO-2026-5668: Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap in github.com/docker/docker

GO-2026-5746: Docker: `PUT /containers/{id}/archive` executes container binary on the host in github.com/docker/docker

mountopts

package

v28.2.0-rc.2+incompatible Latest Latest Go to latest Published: May 22, 2025 License: Apache-2.0 Imports: 1 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/docker/docker

Links

Documentation ¶

Index ¶

func UnprivilegedMountFlags(path string) ([]string, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func UnprivilegedMountFlags ¶

func UnprivilegedMountFlags(path string) ([]string, error)

UnprivilegedMountFlags gets the set of mount flags that are set on the mount that contains the given path and are locked by CL_UNPRIVILEGED. This is necessary to ensure that bind-mounting "with options" will not fail with user namespaces, due to kernel restrictions that require user namespace mounts to preserve CL_UNPRIVILEGED locked flags.

TODO: Move to github.com/moby/sys/mount, and update BuildKit copy of this code as well (https://github.com/moby/buildkit/blob/v0.13.0/util/rootless/mountopts/mountopts_linux.go#L11-L18)

Types ¶

This section is empty.

Source Files ¶

View all Source files

mountopts_linux.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL