Skip to content

Commit 46bb2cf

Browse files
authored
Merge pull request #176 from datum-cloud/fix/plugin-path-execution
fix: harden host-device plugin invocation path
2 parents 4e093af + 3eee9c5 commit 46bb2cf

1 file changed

Lines changed: 27 additions & 9 deletions

File tree

internal/cni/host_device.go

Lines changed: 27 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -7,8 +7,11 @@ package cni
77
import (
88
"context"
99
"encoding/json"
10+
"errors"
11+
"fmt"
1012
"os"
1113
"path/filepath"
14+
"time"
1215

1316
"github.com/containernetworking/cni/pkg/invoke"
1417
"github.com/containernetworking/cni/pkg/skel"
@@ -18,13 +21,24 @@ import (
1821
"go.datum.net/galactic/internal/plumbing/intf"
1922
)
2023

21-
func hostDeviceExecutable() string {
22-
path, _ := os.Executable()
23-
dir := filepath.Dir(path)
24-
return filepath.Join(dir, "host-device")
24+
func hostDeviceExecutable() (string, error) {
25+
exe, err := os.Executable()
26+
if err != nil {
27+
return "", fmt.Errorf("cannot determine executable path: %w", err)
28+
}
29+
path := filepath.Join(filepath.Dir(exe), "host-device")
30+
if _, err := os.Stat(path); err != nil {
31+
return "", fmt.Errorf("host-device binary not found at %s: %w", path, err)
32+
}
33+
return path, nil
2534
}
2635

2736
func hostDevice(command string, skelArgs *skel.CmdArgs, pluginConf *PluginConf) error {
37+
hostDevicePath, err := hostDeviceExecutable()
38+
if err != nil {
39+
return fmt.Errorf("resolve host-device binary: %w", err)
40+
}
41+
2842
conf, err := json.Marshal(HostDevicePluginConf{
2943
PluginConf: types.PluginConf{
3044
CNIVersion: pluginConf.CNIVersion,
@@ -49,11 +63,15 @@ func hostDevice(command string, skelArgs *skel.CmdArgs, pluginConf *PluginConf)
4963
IfName: skelArgs.IfName,
5064
Path: skelArgs.Path,
5165
}
52-
if _, err := invokeExec.ExecPlugin(
53-
context.Background(), hostDeviceExecutable(), conf,
54-
invokeArgs.AsEnv(),
55-
); err != nil {
56-
return err
66+
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
67+
defer cancel()
68+
result, err := invokeExec.ExecPlugin(ctx, hostDevicePath, conf, invokeArgs.AsEnv())
69+
if err != nil {
70+
return fmt.Errorf("host-device plugin failed: %w", err)
71+
}
72+
if result == nil {
73+
return errors.New("host-device plugin returned nil result")
5774
}
75+
_ = result // Result validated as non-nil; host-device is a delegation helper, not an IPAM provider.
5876
return nil
5977
}

0 commit comments

Comments
 (0)