dd272d2b0c
Files in /var/tmp/ are controllable by any user. In particular, an
unprivileged user could create an sosreport* file containing a `'` and a
shell command, which would then run with root privileges when the
admin Cockpit user tried to delete the report.
Use the `cockpit.file()` API instead, which entirely avoids shell. The
main motivation for using shell and the glob was to ensure that the
auxiliary files like *.gpg and *.sha256 get cleaned up -- do that
explicitly (which is much safer anyway), and let our tests make sure
that we don't leave files behind.
https://bugzilla.redhat.com/show_bug.cgi?id=2271614
https://bugzilla.redhat.com/show_bug.cgi?id=2271815
Cherry-picked from main commit
|
||
---|---|---|
.cockpit-ci | ||
.fmf | ||
.github | ||
containers | ||
doc | ||
examples | ||
node_modules@6a19faaf27 | ||
pkg | ||
plans | ||
po | ||
selinux | ||
src | ||
test | ||
tools | ||
vendor | ||
.eslintignore | ||
.eslintrc.json | ||
.flake8 | ||
.flowconfig | ||
.gitignore | ||
.gitleaks.toml | ||
.gitmodules | ||
.stylelintrc.json | ||
AUTHORS | ||
COPYING | ||
HACKING.md | ||
Makefile.am | ||
README.md | ||
autogen.sh | ||
build.js | ||
configure.ac | ||
files.js | ||
package.json | ||
packit.yaml | ||
pyproject.toml |
README.md
Cockpit
A sysadmin login session in a web browser
Cockpit is an interactive server admin interface. It is easy to use and very lightweight. Cockpit interacts directly with the operating system from a real Linux session in a browser.
Using Cockpit
You can install Cockpit on many Linux operating systems including Debian, Fedora and RHEL.
Cockpit makes Linux discoverable, allowing sysadmins to easily perform tasks such as starting containers, storage administration, network configuration, inspecting logs and so on.
Jumping between the terminal and the web tool is no problem. A service started via Cockpit can be stopped via the terminal. Likewise, if an error occurs in the terminal, it can be seen in the Cockpit journal interface.
You can also easily add other machines that have Cockpit installed and are accessible via SSH and jump between these hosts.