containers
diff --git a/‎go.mod‎
Lines changed: 1 addition & 1 deletion b/‎go.mod‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎go.sum‎
Lines changed: 2 additions & 2 deletions b/‎go.sum‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎libpod/container_internal_linux.go‎
Lines changed: 3 additions & 3 deletions b/‎libpod/container_internal_linux.go‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎pkg/domain/infra/abi/play_linux.go‎
Lines changed: 3 additions & 3 deletions b/‎pkg/domain/infra/abi/play_linux.go‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎vendor/github.com/cyphar/filepath-securejoin/.golangci.yml‎
Lines changed: 56 additions & 0 deletions b/‎vendor/github.com/cyphar/filepath-securejoin/.golangci.yml‎
Lines changed: 56 additions & 0 deletions
diff --git a/‎vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md‎
Lines changed: 150 additions & 3 deletions b/‎vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md‎
Lines changed: 150 additions & 3 deletions
@@ -20,7 +20,7 @@ require (
 	github.com/containers/winquit v1.1.0
 	github.com/coreos/go-systemd/v22 v22.6.0
 	github.com/crc-org/vfkit v0.6.1
-	github.com/cyphar/filepath-securejoin v0.4.1
+	github.com/cyphar/filepath-securejoin v0.5.1
 	github.com/digitalocean/go-qemu v0.0.0-20250212194115-ee9b0668d242
 	github.com/docker/distribution v2.8.3+incompatible
 	github.com/docker/docker v28.5.2+incompatible
 
@@ -88,8 +88,8 @@ github.com/creack/pty v1.1.21 h1:1/QdRyBaHHJP61QkWMXlOIBfsgdDeeKfK8SYVUWJKf0=
 github.com/creack/pty v1.1.21/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
 github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467 h1:uX1JmpONuD549D73r6cgnxyUu18Zb7yHAy5AYU0Pm4Q=
 github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw=
-github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s=
-github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
+github.com/cyphar/filepath-securejoin v0.5.1 h1:eYgfMq5yryL4fbWfkLpFFy2ukSELzaJOTaUTuh+oF48=
+github.com/cyphar/filepath-securejoin v0.5.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 
@@ -17,7 +17,7 @@ import (
 	"github.com/containers/podman/v6/libpod/define"
 	"github.com/containers/podman/v6/libpod/shutdown"
 	"github.com/containers/podman/v6/pkg/rootless"
-	securejoin "github.com/cyphar/filepath-securejoin"
+	"github.com/cyphar/filepath-securejoin/pathrs-lite"
 	"github.com/moby/sys/capability"
 	spec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/runtime-tools/generate"
@@ -741,7 +741,7 @@ func (s *safeMountInfo) Close() {
 // The caller is responsible for closing the file descriptor and unmounting the subpath
 // when it's no longer needed.
 func (c *Container) safeMountSubPath(mountPoint, subpath string) (s *safeMountInfo, err error) {
-	file, err := securejoin.OpenInRoot(mountPoint, subpath)
+	file, err := pathrs.OpenInRoot(mountPoint, subpath)
 	if err != nil {
 		return nil, err
 	}
@@ -834,7 +834,7 @@ var hasCapSysResource = sync.OnceValues(func() (bool, error) {
 
 // containerPathIsFile returns true if the given containerPath is a file
 func containerPathIsFile(unsafeRoot string, containerPath string) (bool, error) {
-	f, err := securejoin.OpenInRoot(unsafeRoot, containerPath)
+	f, err := pathrs.OpenInRoot(unsafeRoot, containerPath)
 	if err != nil {
 		return false, err
 	}
 
@@ -5,14 +5,14 @@ package abi
 import (
 	"os"
 
-	securejoin "github.com/cyphar/filepath-securejoin"
+	"github.com/cyphar/filepath-securejoin/pathrs-lite"
 )
 
 // openSymlinkPath opens the path under root using securejoin.OpenatInRoot().
 func openSymlinkPath(root *os.File, unsafePath string, flags int) (*os.File, error) {
-	file, err := securejoin.OpenatInRoot(root, unsafePath)
+	file, err := pathrs.OpenatInRoot(root, unsafePath)
 	if err != nil {
 		return nil, err
 	}
-	return securejoin.Reopen(file, flags)
+	return pathrs.Reopen(file, flags)
 }
Original file line number	Diff line number	Diff line change
`@@ -5,14 +5,14 @@ package abi`
`5`	`5`	`import (`
`6`	`6`	`"os"`
`7`	`7`
`8`		`- securejoin "github.com/cyphar/filepath-securejoin"`
	`8`	`+ "github.com/cyphar/filepath-securejoin/pathrs-lite"`
`9`	`9`	`)`
`10`	`10`
`11`	`11`	`// openSymlinkPath opens the path under root using securejoin.OpenatInRoot().`
`12`	`12`	`func openSymlinkPath(root os.File, unsafePath string, flags int) (os.File, error) {`
`13`		`- file, err := securejoin.OpenatInRoot(root, unsafePath)`
	`13`	`+ file, err := pathrs.OpenatInRoot(root, unsafePath)`
`14`	`14`	`if err != nil {`
`15`	`15`	`return nil, err`
`16`	`16`	`}`
`17`		`- return securejoin.Reopen(file, flags)`
	`17`	`+ return pathrs.Reopen(file, flags)`
`18`	`18`	`}`