openshift/source-to-image
1
0
Fork 0
mirror of https://github.com/openshift/source-to-image.git synced 2026-02-05 12:44:54 +01:00
Code Issues Releases Activity

Strip groups before checking if AssembleUser is Allowed

Browse Source 
When checking if the user that we'll use for running the assemble step
is in the allowed user range, we strip any potential group part from the
value for the user that we extract from the image's configuration before
checking if it's in the allowed range, but we haven't been doing that
for values configured through the "s2i.assemble-user" label.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This commit is contained in:
Nalin Dahyabhai
2021-11-09 16:10:16 -05:00
parent 48a9c056cf
commit aa690147cc
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/docker/util.go
View File

@@ -318,7 +318,7 @@ func CheckAllowedUser(d Docker, imageName string, uids user.RangeList, isOnbuild
return err
}
if len(assembleUser) > 0 {
if !user.IsUserAllowed(assembleUser, &uids) {
if !user.IsUserAllowed(extractUser(assembleUser), &uids) {
// Pass in the override, since assembleUser can come from the image label
return s2ierr.NewAssembleUserNotAllowedError(imageName, false)
}