mirror of
https://github.com/containers/buildah.git
synced 2026-02-05 09:45:38 +01:00
6e62bd0835
Fix a time-of-check/time-of-use error when mounting type=bind and type=cache directories that use a "src" flag. A hostile writer could use a concurrently-running stage or build to replace that "src" location between the point when we had resolved possible symbolic links and when runc/crun/whatever actually went to create the bind mount (CVE-2024-11218). Stop ignoring the "src" option for cache mounts when there's no "from" option. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>