diff options
author | Jake Hunsaker <jhunsake@redhat.com> | 2018-11-28 10:43:40 -0500 |
---|---|---|
committer | Bryn M. Reeves <bmr@redhat.com> | 2019-03-12 15:32:39 +0000 |
commit | bcc939b71842175010e60d0d063043e9f780c702 (patch) | |
tree | 6edde4cd061f1268719650beaaf0232a5bd56650 /docs | |
parent | 749165e09da65d073ace7136dc29cfa28931b751 (diff) | |
download | sos-bcc939b71842175010e60d0d063043e9f780c702.tar.gz |
[podman|docker] Add postprocessing for container inspect output
Adds a postproc for the podman and docker plugins to attempt to
obfuscate sensitive keys in 'inspect' output for those runtimes.
Previously, these keys were being captured in plaintext which could lead
to passwords or similar being leaked when sysadmins configure containers
with environment variables (or similar) that contain this data.
Specifically, we match against 'key=value' pairs as that is how the
container runtimes accept and print these pairs, like so:
"Env": [
"mypassword=supersecret",
"container=oci"
],
By comparison, the inspect outputs now read like the following when a
potentially sensitive key is found:
"Env": [
"mypassword=********",
"container=oci"
],
Resolves: #1487
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
Diffstat (limited to 'docs')
0 files changed, 0 insertions, 0 deletions