By allowing Open(at)InRoot to opt-out of the extra work done by MkdirAll
to do the necessary "partial lookups", Open(at)InRoot now does less work
for both implementations (resulting in a many-fold decrease in the number of
operations for openat2, and a modest improvement for non-openat2) and is
far more guaranteed to match the correct openat2(RESOLVE_IN_ROOT)
behaviour.
We now use readlinkat(fd, "") where possible. For Open(at)InRoot this
effectively just means that we no longer risk getting spurious errors during
rename races. However, for our hardened procfs handler, this in theory should
prevent mount attacks from tricking us when doing magic-link readlinks (even
when using the unsafe host /proc handle). Unfortunately Reopen is still
potentially vulnerable to those kinds of somewhat-esoteric attacks.
Several improvements were made to the errors returned by Open(at)InRoot and
MkdirAll when dealing with invalid paths under the emulated (ie.
non-openat2) implementation. Previously, some paths would return the wrong
error (ENOENT when the last component was a non-directory), and other paths
would be returned as though they were acceptable (trailing-slash components
after a non-directory would be ignored by Open(at)InRoot).
These changes were done to match openat2's behaviour and purely is a
consistency fix (most users are going to be using openat2 anyway).
However, it does introduce a new *os.File-based API which is much safer
to use for most usecases. These are adapted from [libpathrs][1] and are
the bare minimum to be able to operate more safely on an untrusted
rootfs where an attacker has write access (something that SecureJoin
cannot protect against). The new APIs are:
OpenInRoot, which resolves a path inside a rootfs and returns an
*os.File handle to the path. Note that the file handle returned by
OpenInRoot is an O_PATH handle, which cannot be used for reading or
writing (as well as some other operations -- see open(2) for more
details).
Reopen, which takes an O_PATH file handle and safely re-opens it to
"upgrade" it to a regular handle.
By allowing Open(at)InRoot to opt-out of the extra work done by MkdirAll
to do the necessary "partial lookups", Open(at)InRoot now does less work
for both implementations (resulting in a many-fold decrease in the number of
operations for openat2, and a modest improvement for non-openat2) and is
far more guaranteed to match the correct openat2(RESOLVE_IN_ROOT)
behaviour.
We now use readlinkat(fd, "") where possible. For Open(at)InRoot this
effectively just means that we no longer risk getting spurious errors during
rename races. However, for our hardened procfs handler, this in theory should
prevent mount attacks from tricking us when doing magic-link readlinks (even
when using the unsafe host /proc handle). Unfortunately Reopen is still
potentially vulnerable to those kinds of somewhat-esoteric attacks.
Several improvements were made to the errors returned by Open(at)InRoot and
MkdirAll when dealing with invalid paths under the emulated (ie.
non-openat2) implementation. Previously, some paths would return the wrong
error (ENOENT when the last component was a non-directory), and other paths
would be returned as though they were acceptable (trailing-slash components
after a non-directory would be ignored by Open(at)InRoot).
These changes were done to match openat2's behaviour and purely is a
consistency fix (most users are going to be using openat2 anyway).
[0.3.0] - 2024-07-11
Added
A new set of *os.File-based APIs have been added. These are adapted from
[libpathrs][] and we strongly suggest using them if possible (as they provide
far more protection against attacks than SecureJoin):
Open(at)InRoot resolves a path inside a rootfs and returns an *os.File
handle to the path. Note that the handle returned is an O_PATH handle,
which cannot be used for reading or writing (as well as some other
operations -- [see open(2) for more details][open.2])
Reopen takes an O_PATH file handle and safely re-opens it to upgrade
it to a regular handle. This can also be used with non-O_PATH handles,
but O_PATH is the most obvious application.
MkdirAll is an implementation of os.MkdirAll that is safe to use to
Add MountedFast by @kolyshkin in moby/sys#100
Note: most users should keep using Mounted, which already incorporates all optimizations from MountedFast
Add the new go.opentelemetry.io/contrib/detectors/azure/azurevm package to provide a resource detector for Azure VMs. (#5422)
Add support to configure views when creating MeterProvider using the config package. (#5654)
The go.opentelemetry.io/contrib/config add support to configure periodic reader interval and timeout. (#5661)
Add log support for the autoexport package. (#5733)
Add support for disabling the old runtime metrics using the OTEL_GO_X_DEPRECATED_RUNTIME_METRICS=false environment variable. (#5747)
Add support for signal-specific protocols environment variables (OTEL_EXPORTER_OTLP_TRACES_PROTOCOL, OTEL_EXPORTER_OTLP_LOGS_PROTOCOL, OTEL_EXPORTER_OTLP_METRICS_PROTOCOL) in go.opentelemetry.io/contrib/exporters/autoexport. (#5816)
The go.opentelemetry.io/contrib/processors/minsev module is added.
This module provides and experimental logging processor with a configurable threshold for the minimum severity records must have to be recorded. (#5817)
The go.opentelemetry.io/contrib/processors/baggagecopy module.
This module is a replacement of go.opentelemetry.io/contrib/processors/baggage/baggagetrace. (#5824)
Changed
Improve performance of go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc with the usage of WithAttributeSet() instead of WithAttribute(). (#5664)
Improve performance of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp with the usage of WithAttributeSet() instead of WithAttribute(). (#5664)
Update go.opentelemetry.io/contrib/config to latest released configuration schema which introduces breaking changes where Attributes is now a map[string]interface{}. (#5758)
Upgrade all dependencies of go.opentelemetry.io/otel/semconv/v1.25.0 to go.opentelemetry.io/otel/semconv/v1.26.0. (#5847)
Fixed
Custom attributes targeting metrics recorded by the go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp are not ignored anymore. (#5129)
The double setup in go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace/example that caused duplicate traces. (#5564)
The superfluous response.WriteHeader call in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp when the response writer is flushed. (#5634)
Use c.FullPath() method to set http.route attribute in go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin. (#5734)
Out-of-bounds panic in case of invalid span ID in go.opentelemetry.io/contrib/propagators/b3. (#5754)
Deprecated
The go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho package is deprecated.
If you would like to become a Code Owner of this module and prevent it from being removed, see #5550. (#5645)
The go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron package is deprecated.
If you would like to become a Code Owner of this module and prevent it from being removed, see #5552. (#5646)
The go.opentelemetry.io/contrib/samplers/aws/xray package is deprecated.
If you would like to become a Code Owner of this module and prevent it from being removed, see #5554. (#5647)
The go.opentelemetry.io/contrib/processors/baggage/baggagetrace package is deprecated.
Use the added go.opentelemetry.io/contrib/processors/baggagecopy package instead. (#5824)
Use baggagecopy.NewSpanProcessor as a replacement for baggagetrace.New.
NewSpanProcessor accepts a Fitler function type that selects which baggage members are added to a span.
NewSpanProcessor returns a *baggagecopy.SpanProcessor instead of a trace.SpanProcessor interface.
The returned type still implements the interface.
Add the new go.opentelemetry.io/contrib/detectors/azure/azurevm package to provide a resource detector for Azure VMs. (#5422)
Add support to configure views when creating MeterProvider using the config package. (#5654)
The go.opentelemetry.io/contrib/config add support to configure periodic reader interval and timeout. (#5661)
Add log support for the autoexport package. (#5733)
Add support for disabling the old runtime metrics using the OTEL_GO_X_DEPRECATED_RUNTIME_METRICS=false environment variable. (#5747)
Add support for signal-specific protocols environment variables (OTEL_EXPORTER_OTLP_TRACES_PROTOCOL, OTEL_EXPORTER_OTLP_LOGS_PROTOCOL, OTEL_EXPORTER_OTLP_METRICS_PROTOCOL) in go.opentelemetry.io/contrib/exporters/autoexport. (#5816)
The go.opentelemetry.io/contrib/processors/minsev module is added.
This module provides and experimental logging processor with a configurable threshold for the minimum severity records must have to be recorded. (#5817)
The go.opentelemetry.io/contrib/processors/baggagecopy module.
This module is a replacement of go.opentelemetry.io/contrib/processors/baggage/baggagetrace. (#5824)
Changed
Improve performance of go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc with the usage of WithAttributeSet() instead of WithAttribute(). (#5664)
Improve performance of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp with the usage of WithAttributeSet() instead of WithAttribute(). (#5664)
Update go.opentelemetry.io/contrib/config to latest released configuration schema which introduces breaking changes where Attributes is now a map[string]interface{}. (#5758)
Upgrade all dependencies of go.opentelemetry.io/otel/semconv/v1.25.0 to go.opentelemetry.io/otel/semconv/v1.26.0. (#5847)
Fixed
Custom attributes targeting metrics recorded by the go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp are not ignored anymore. (#5129)
The double setup in go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace/example that caused duplicate traces. (#5564)
The superfluous response.WriteHeader call in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp when the response writer is flushed. (#5634)
Use c.FullPath() method to set http.route attribute in go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin. (#5734)
Out-of-bounds panic in case of invalid span ID in go.opentelemetry.io/contrib/propagators/b3. (#5754)
Deprecated
The go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho package is deprecated.
If you would like to become a Code Owner of this module and prevent it from being removed, see #5550. (#5645)
The go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron package is deprecated.
If you would like to become a Code Owner of this module and prevent it from being removed, see #5552. (#5646)
The go.opentelemetry.io/contrib/samplers/aws/xray package is deprecated.
If you would like to become a Code Owner of this module and prevent it from being removed, see #5554. (#5647)
The go.opentelemetry.io/contrib/processors/baggage/baggagetrace package is deprecated.
Use the added go.opentelemetry.io/contrib/processors/baggagecopy package instead. (#5824)
Use baggagecopy.NewSpanProcessor as a replacement for baggagetrace.New.
NewSpanProcessor accepts a Fitler function type that selects which baggage members are added to a span.
NewSpanProcessor returns a *baggagecopy.SpanProcessor instead of a trace.SpanProcessor interface.
The returned type still implements the interface.
Bumps the go-modules group with 13 updates in the / directory:
1.33.1
1.34.1
0.12.4
0.12.5
0.2.5
0.3.1
27.0.2+incompatible
27.1.1+incompatible
1.4.4
1.4.5
0.19.2
0.20.1
0.0.15
0.0.16
0.5.0
0.6.0
0.1.0
0.2.0
1.2.2
1.3.0
2.17.0
2.18.0
0.52.0
0.53.0
1.64.0
1.65.0
Updates
github.com/onsi/gomega
from 1.33.1 to 1.34.1Release notes
Sourced from github.com/onsi/gomega's releases.
Changelog
Sourced from github.com/onsi/gomega's changelog.
Commits
fa057b8
v1.34.15e71dcd
Use slices from exp/slices to keep golang 1.20 compat32e5498
v1.34.0cb3fa6a
run go mod tidy and wonder why go get doesnt just run it for me in the first ...8af2ece
bump ginkgo878940c
fix incorrect handling of nil slices in HaveExactElements (fixes #771)f5bec80
clean up bipartitegraph testsebadb67
issue_765 - fixed bug in Hopcroft-Karp algorithm123a071
Fix typo in docsc549e0d
Add RoundTripper method to ghttp.ServerUpdates
github.com/Microsoft/hcsshim
from 0.12.4 to 0.12.5Release notes
Sourced from github.com/Microsoft/hcsshim's releases.
Commits
e970943
Modifying network flag EnableIov.4f77a09
Hcsshim wrapper over HNS API needed for exclusion of management mac addresses...3b5bd8a
[release/0.12] vendor: github.com/containerd/containerd v17.1840cdbc8
Adding state attribute to the HNSEndpoint struct to support hyperv containers...Updates
github.com/cyphar/filepath-securejoin
from 0.2.5 to 0.3.1Release notes
Sourced from github.com/cyphar/filepath-securejoin's releases.
... (truncated)
Changelog
Sourced from github.com/cyphar/filepath-securejoin's changelog.
... (truncated)
Commits
ce7b28a
VERSION: release v0.3.1a2c14f8
CHANGELOG: add readlinkat(fd, "") shout-out4ea279f
merge #22 into cyphar/filepath-securejoin:main16e1bec
CHANGELOG: add initial changelog with current history2404ffb
merge #21 into cyphar/filepath-securejoin:mainf29b7a4
lookup: handle // and trailing slash components correctlyecd61ca
merge #19 into cyphar/filepath-securejoin:main38b1220
procfs: refactor statx mnt_id logic45c4415
procfs: use readlink(fd, "") for magic-linksedab538
merge #17 into cyphar/filepath-securejoin:mainUpdates
github.com/docker/cli
from 27.0.2+incompatible to 27.1.1+incompatibleCommits
6312585
Merge pull request #5274 from thaJeztah/27.1_backport_compose_oomc599566
Allow for OomScoreAdjfb19def
Merge pull request #5271 from thaJeztah/27.1_backport_custom_headers_env_varbccd478
Merge pull request #5270 from thaJeztah/27.1_backport_test_spring_cleaning8992378
add support for DOCKER_CUSTOM_HEADERS env-var (experimental)f90273c
Merge pull request #5269 from thaJeztah/27.1_backport_add_macos_apple_siliconca9636a
test spring-cleaningad47d2a
gha: update to macOS 13, add macOS 14 arm64 (Apple Silicon M1)a2a0fb7
Merge pull request #5263 from thaJeztah/27.1_backport_relax_pr_check16d6c90
Merge pull request #5265 from thaJeztah/27.1_backport_bump_buildx_composeUpdates
github.com/gabriel-vasile/mimetype
from 1.4.4 to 1.4.5Release notes
Sourced from github.com/gabriel-vasile/mimetype's releases.
Commits
b36b70f
remove exe from testdata (#561)e802551
Bump the github-actions group across 1 directory with 3 updates (#560)f003e99
Bump golang.org/x/net in the gomod group across 1 directory (#552)e0c5c59
reduce project size by moving mimetype.gif to testdata (#548)f296c1b
alias rtf to application/rtf (#547)8329892
Updating RTF Magic number to match <https://www.iana.org/assignments/media-ty...3267116
remove tarbomb from testdata folder (#540)cdceff9
zip: use []byte instead of string to prevent allocs (#537)77e3848
tar: remove strconv dependency for tar checksum octal numbers (#536)09ff708
json: improve performance by using a pool of scanners (#535)Updates
github.com/google/go-containerregistry
from 0.19.2 to 0.20.1Release notes
Sourced from github.com/google/go-containerregistry's releases.
Commits
c3d1dcc
Createremote.Push
(#1978)d36047a
Restore blind-write to remote.Put (#1970)9915a85
Referrer API must return correct Content-Type (#1968)Updates
github.com/mattn/go-runewidth
from 0.0.15 to 0.0.16Commits
6ceadc6
Support Unicode 15.1.0Updates
github.com/moby/sys/sequential
from 0.5.0 to 0.6.0Release notes
Sourced from github.com/moby/sys/sequential's releases.
Commits
03b9f8d
Merge pull request #94 from thaJeztah/bump_mountinfobdd898e
mount: update github.com/moby/sys/mountinfo v0.5.0fbd276c
Merge pull request #93 from kolyshkin/ci-f35afb7f50
Merge pull request #92 from kolyshkin/more-linters9372d68
ci: bump Fedora to 359a90d6d
Format code with gofumpt, enable linter85e4bfd
Makefile: update golangci-lint to 1.43.0f0fb439
.gitattributes: addb016007
ci: add unconvert and errorlint linters to golanci6056970
Fix errorlint warningsUpdates
github.com/moby/sys/user
from 0.1.0 to 0.2.0Release notes
Sourced from github.com/moby/sys/user's releases.
... (truncated)
Commits
86870e7
Merge pull request #140 from thaJeztah/integrate_libcontainer_userns5cd502c
user: require go1.21 or highera40602b
user/userns: add godoc for packagebc3a8a5
libct/userns: implement RunningInUserNS with sync.OnceValuebc0de32
libct/userns: make fuzzer Linux-only, and remove stub for uidMapInUserNS333fe31
libct/userns: change RunningInUserNS to a wrapper instead of an aliasbb72464
remove pre-go1.17 build-tags87e38c8
libcontainer/userns: simplify, and separate from "user" package.b19e084
*: add go-1.17+ go:build tagsdb243e2
*: rm redundant linux build tagUpdates
github.com/skeema/knownhosts
from 1.2.2 to 1.3.0Commits
9485bde
docs: add PR template and CONTRIBUTING.md guide; minor README tweaks8b8ca37
host matching: handle wildcards with non-standard port (#10)7c797a4
Merge pull request #9 from skeema/certs-backwards-compat53a26cc
Minor adjustments based on initial PR feedback69b4a62
certs: reimplement previous commit to maintain backwards compatd314bf3
Support cert authorities5832aa8
ci: send coverage to Coveralls; upgrade action versions7acc57b
go.mod: update golang.org/x dependenciesUpdates
github.com/sylabs/sif/v2
from 2.17.0 to 2.18.0Release notes
Sourced from github.com/sylabs/sif/v2's releases.
Commits
a2a8352
Merge pull request #374 from tri-adam/delete-objects68683b4
feat: add DeleteObjects94b0b65
build(deps): bump github.com/google/go-containerregistry (#376)48f265f
Merge pull request #373 from tri-adam/compactione8dad67
refactor: improve delete compaction logic8783e3b
refactor: improve compaction logic for AddObjecte3aa617
Merge pull request #375 from tri-adam/update-readme8f557d5
docs: update links to Go docsde30604
Merge pull request #368 from tri-adam/go-1.23-rc9ea2328
ci: add testing against Go 1.23 RCUpdates
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
from 0.52.0 to 0.53.0Release notes
Sourced from go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp's releases.
... (truncated)
Changelog
Sourced from go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp's changelog.
Commits
af75717
Release v1.28.0/v0.53.0/v0.22.0/v0.8.0/v0.3.0/v0.1.0 (#5847)b6a9271
fix(deps): update module github.com/aws/aws-sdk-go to v1.54.13 (#5843)66306fe
Add@XSAM
and@dmathieu
as repository maintainers (#5838)f783d1f
Upgrade Go versions in CI (#5845)d6e791c
fix(deps): update module github.com/aws/aws-sdk-go-v2/service/s3 to v1.58.0 (...efde831
Removeotelmongo
deprecation while we onboard a Code Owner (#5840)32d3e6a
fix(deps): update module google.golang.org/grpc to v1.65.0 (#5837)1ce0d1c
Revert toolchain addition to autoexport (#5841)53f34f2
fix(deps): update module cloud.google.com/go/compute/metadata to v0.4.0 (#5835)56e279e
fix(deps): update module github.com/aws/aws-sdk-go to v1.54.12 (#5834)Updates
go.opentelemetry.io/otel
from 1.27.0 to 1.28.0Changelog
Sourced from go.opentelemetry.io/otel's changelog.