-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Don't allow backsteps in local volume plugin #47207
Comments
@msau42 There are no sig labels on this issue. Please add a sig label by: |
/sig storage |
@ddysher, would you be able to look at this? |
To clarify, I don't think this is critical to fix in 1.7 (for local volumes). Only the adminstrator can create local PVs, so the paths they export are under their control. |
sure, i'll take a look after external provisioner work. |
if you want to change API validation, you should do it before 1.7 releases, since the field is new. Changing validation on a released field is much harder |
Approved this for 1.7 release based on the conversation with @liggitt and the engineers from @kubernetes/sig-storage-misc |
…lume Automatic merge from submit-queue (batch tested with PRs 34515, 47236, 46694, 47819, 47792) not allow backsteps in local volume plugin **Which issue this PR fixes** : fixes #47207 **Special notes for your reviewer**: cc @msau42 @ddysher Just follow @liggitt [commented](#47107 (comment)). **Release note**: ```release-note NONE ```
Kubernetes version (use
kubectl version
): 1.7Similar to #47107, we need to check for backsteps in the path ("/foo/bar/../../../baz") for the local volume. It should be checked in the API validation, and also at mount time.
The text was updated successfully, but these errors were encountered: