Skip to content
This repository has been archived by the owner on Jun 20, 2024. It is now read-only.

3206: Protect against CNI plugin being called with the host namespace #3346

Merged
merged 1 commit into from
Jul 19, 2018
Merged

3206: Protect against CNI plugin being called with the host namespace #3346

merged 1 commit into from
Jul 19, 2018

Conversation

murali-reddy
Copy link
Contributor

adding a check to verify if network namespace is not host network namespace

Fixes #3206

@bboreham
Copy link
Contributor

CI failed on two counts: one lint:

plugin/net/cni.go:127:21: error strings should not be capitalized or end with punctuation or a newline

"missing secret" is because non-weaveworks repos don't have the credentials to create VMs to run the smoke tests.

bboreham
bboreham reviewed Jul 13, 2018
View reviewed changes
plugin/net/cni.go Outdated
@@ -117,6 +117,16 @@ func (c *CNIPlugin) CmdAdd(args *skel.CmdArgs) error {
}
defer ns.Close()

hostNs, err := netns.Get()
if err != nil {
return fmt.Errorf("error accessing host network namespace")

This comment was marked as abuse.

Sign in to view

@murali-reddy
3206: Protect against CNI plugin being called with the host namespace
27f9aa1 
adding a check to verify if network namespace is not host network namespace

Fixes weaveworks#3206
@rade
Copy link
Member

rade commented Jul 18, 2018

What is happening with this?

@bboreham
Copy link
Contributor

I've pushed the branch to the weaveworks/weave repo so it will run fill smoke tests.

@bboreham bboreham merged commit b8ce722 into weaveworks:master Jul 19, 2018
@bboreham
Copy link
Contributor

Thanks!

@brb brb added this to the 2.4 milestone Jul 21, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bboreham bboreham bboreham approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.4
Development

Successfully merging this pull request may close these issues.
4 participants
@murali-reddy @bboreham @rade @brb