aboutsummaryrefslogtreecommitdiffstats
path: root/docs
diff options
context:
space:
mode:
authorJake Hunsaker <jhunsake@redhat.com>2018-11-28 10:43:40 -0500
committerBryn M. Reeves <bmr@redhat.com>2019-03-12 15:32:39 +0000
commitbcc939b71842175010e60d0d063043e9f780c702 (patch)
tree6edde4cd061f1268719650beaaf0232a5bd56650 /docs
parent749165e09da65d073ace7136dc29cfa28931b751 (diff)
downloadsos-bcc939b71842175010e60d0d063043e9f780c702.tar.gz
[podman|docker] Add postprocessing for container inspect output
Adds a postproc for the podman and docker plugins to attempt to obfuscate sensitive keys in 'inspect' output for those runtimes. Previously, these keys were being captured in plaintext which could lead to passwords or similar being leaked when sysadmins configure containers with environment variables (or similar) that contain this data. Specifically, we match against 'key=value' pairs as that is how the container runtimes accept and print these pairs, like so: "Env": [ "mypassword=supersecret", "container=oci" ], By comparison, the inspect outputs now read like the following when a potentially sensitive key is found: "Env": [ "mypassword=********", "container=oci" ], Resolves: #1487 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
Diffstat (limited to 'docs')
0 files changed, 0 insertions, 0 deletions