ed125c0c1c
Currently, this filter only takes into account 'ip netns exec' as input but this command accepts different aliases like 'ip net e' or 'ip netn ex', etcetera. This is a security issue since bypassing this filter basically allows anyone to execute arbitary commands because IpFilter will get hit and there's not going to be any further checks against CommandFilters. Change-Id: I2f6e55de4e60f2d3a6166c2fefbc31e9afc6c26f Closes-Bug: 1765734 Co-Authored-By: Jakub Libosvar <jlibosva@redhat.com> Signed-off-by: Daniel Alvarez <dalvarez@redhat.com> |
||
---|---|---|
.. | ||
__init__.py | ||
run_daemon.py | ||
test_functional_eventlet.py | ||
test_functional.py | ||
test_rootwrap.py |