not allow backsteps in local volume plugin

[dixudx]

Which issue this PR fixes : fixes #47207

Special notes for your reviewer:
cc @msau42 @ddysher
Just follow @liggitt commented.

Release note:

NONE

[k8s-ci-robot]

Hi @dixudx. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with @k8s-bot ok to test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[jhorwit2]

This should also probably be used for the host volume plugin, so perhaps a different name?

[jhorwit2]

Why is this check different from

https://github.com/kubernetes/kubernetes/blob/master/pkg/api/validation/validation.go#L947

It seems weird to me to have different validation here than every where else.

[dixudx]

@jhorwit2 Yeah, you're right. Thanks for pointing out.

These two functions are nearly the same. But https://github.com/kubernetes/kubernetes/blob/master/pkg/api/validation/validation.go#L947 may not be suitable to be called in pkg/volume/local/local.go.

[liggitt]

I don't really think the api package should be importing the volume package... I'd rather see the validation function stay in the validation package

[liggitt]

is maxFileNameLength the max of all platforms' max, or the min of all platforms' max?

[jhorwit2]

Isn't this already covered on each node when the mounts are provisioned, which would be platform specific?

[dixudx]

@liggitt Linux has a maximum filename length of 255 characters for most filesystems (including EXT4), and a maximum path of 4096 characters. On windows, the maximum length for a path is defined as 260 characters and a maximum total path length is 32,767 characters. Here maxFileNameLength is the min value. Also for maxPathLength.

[liggitt]

Since there are differences between platforms, I don't think we should be enforcing this this way. Let's limit this to the backstep path segment prevention for now

[dixudx]

Yeah, good advice. Function validateLocalNonReservedPath is quite similar with this function. Shall we abstract the core part to a common function?

[jhorwit2]

Local volumes would still allow backsteps in the VolumeMount.SubPath, correct? Do we want to also address that here? If I'm not mistaken that's taken care of outside the local volume mounter just like with the host volume mounter.

[php-coder]

1. if it's empty then I don't see a reason of showing it in quotes
2. I don't think that we should add "invalid path:" prefix to each error message. We're using field.Invalid() and it also adds similar prefix to the error AFAIR.

[dixudx]

@php-coder Actually function validateLocalNonReservedPath is exactly like what you said. But I think it is not quite suitable to be called by other functions.

[php-coder]

"%v: unexpected success for the path %q" ?

[php-coder]

I suggest to include path in the error msg, WDYT?

[dixudx]

Yeah, will update it.

[php-coder]

What is reserved paths and why we don't allow them? How they're dangerous? Is it something Windows-specific?

[msau42]

Do we want local and hostpath path validations to use the same function?

[dixudx]

@jhorwit2 Local volumes does not allow backsteps in the VolumeMount.SubPath, which has already been validated in ValidateVolumeMounts.

[jhorwit2]

@dixudx that check assumes the apiserver & the node are the same OS. I opened a PR that hopes to address that issue. #47290

[dixudx]

@liggitt PTAL. Revised based on #47290.

[liggitt]

return early

[liggitt]

should this be validating m.globalPath or dir?

[dixudx]

validating m.globalPath.

[msau42]

@k8s-bot ok to test

[msau42]

/lgtm

[dixudx]

@msau42 @liggitt need your approval. Thx.

[supereagle]

@dixudx Need to add release note to remove the label release-note-label-needed. Please refer to Write Release Notes if Needed.

[liggitt]

/lgtm

[dixudx]

/assign @thockin

Needs your approval @thockin . Thx.

[dchen1107]

/approve

Thanks!

[k8s-github-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dchen1107, dixudx, liggitt, msau42

Associated issue: 47207

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

• pkg/api/OWNERS [dchen1107]
• pkg/volume/local/OWNERS [dchen1107,msau42]

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

[k8s-github-robot]

Automatic merge from submit-queue (batch tested with PRs 34515, 47236, 46694, 47819, 47792)