From 3516212307882ab6661082dff5cdbdd078f5ef9a Mon Sep 17 00:00:00 2001 From: utam0k Date: Wed, 7 Feb 2024 21:55:51 +0900 Subject: [PATCH] Fill in TOOD Signed-off-by: utam0k --- crates/libcontainer/src/process/container_init_process.rs | 2 +- crates/libcontainer/src/process/container_main_process.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crates/libcontainer/src/process/container_init_process.rs b/crates/libcontainer/src/process/container_init_process.rs index 0741d6ecf..46327f781 100644 --- a/crates/libcontainer/src/process/container_init_process.rs +++ b/crates/libcontainer/src/process/container_init_process.rs @@ -840,7 +840,7 @@ fn sync_seccomp( // verifyCwd ensures that the current directory is actually inside the mount // namespace root of the current process. -// Please refer to XXXXXXX(TODO(utam0k): fill in) for more details. +// Please refer to https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv for more details. fn verify_cwd() -> Result<()> { let cwd = unistd::getcwd().map_err(|err| { if let nix::errno::Errno::ENOENT = err { diff --git a/crates/libcontainer/src/process/container_main_process.rs b/crates/libcontainer/src/process/container_main_process.rs index 980d13bb3..f70660538 100644 --- a/crates/libcontainer/src/process/container_main_process.rs +++ b/crates/libcontainer/src/process/container_main_process.rs @@ -74,7 +74,7 @@ pub fn container_main_process(container_args: &ContainerArgs) -> Result<(Pid, bo // Before starting the intermediate process, mark all non-stdio open files as O_CLOEXEC // to ensure we don't leak any file descriptors to the intermediate process. - // Please refer to XXXXXXX(TODO(utam0k): fill in) for more details. + // Please refer to https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv for more details. let syscall = container_args.syscall.create_syscall(); syscall.close_range(0).map_err(|err| { tracing::error!(?err, "failed to cleanup extra fds");