Fix issue in evaluating symlink path for subpath #93707
Conversation
k8s-ci-robot
added
size/XS
k8s-ci-robot
added
sig/storage
|
/test pull-kubernetes-e2e-windows-gce |
1 similar comment
|
/test pull-kubernetes-e2e-windows-gce |
k8s-ci-robot
added
size/M
|
/test pull-kubernetes-e2e-windows-gce |
2 similar comments
|
/test pull-kubernetes-e2e-windows-gce |
|
/test pull-kubernetes-e2e-windows-gce |
k8s-ci-robot
added
size/S
|
cc @msau42 |
|
/retest |
| @@ -62,6 +62,32 @@ func evalPath(path string) (linkedPath string, err error) { | |||
| if isVolumePrefix(linkedPath) { | |||
| return path, err | |||
| } | |||
| // The following is a workaround solution for issue https://github.com/kubernetes/kubernetes/issues/93759 | |||
| if _, err = os.Lstat(linkedPath); err != nil { | |||
There was a problem hiding this comment.
Should we specifically look for not exists error?
There was a problem hiding this comment.
What happens if the linkedPath really does exist because of name collision between the directory name of the subpath and a real directory in the system? For example, your subpath was "/var/lib/kubelet/..../volumes/x/programs", and "C://programs" actually does exist?
There was a problem hiding this comment.
In that case, the following check will fail
if !mount.PathWithinBase(currentFullPath, volumePath) {
errorResult = fmt.Errorf("SubPath %q not within volume path %q", currentFullPath, volumePath)
break
}
https://github.com/kubernetes/kubernetes/blob/feaaf468ed83e214dd12a7d3c4fbf5177165c405/pkg/volume/util/subpath/subpath_windows.go#L170
|
/test pull-kubernetes-e2e-windows-gce |
1 similar comment
|
/test pull-kubernetes-e2e-windows-gce |
I think I didn't change the original flow. Basically instead of using a power shell command (which might take some time to execute), here use a few more commands to get the path. Even if user change symlink during or after this process, we only allow subpath which is under base path. The lock is implemented after we eval the subpath ? |
|
My understanding is that we skip evaluating the parts of the path that don't resolve correctly, which means that the path that gets returned from this function could still contain symlinks? |
k8s-ci-robot
removed
the
do-not-merge/release-note-label-needed
k8s-ci-robot
removed
the
needs-kind
jingxu97
added
the
approved
k8s-ci-robot
removed
the
lgtm
|
/test pull-kubernetes-e2e-windows-gce |
This PR tries to fix issue kubernetes#93759
|
/test pull-kubernetes-e2e-windows-gce |
|
/retest |
|
/retest |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: andyzhangx, jingxu97 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/priority important-soon |
k8s-ci-robot
added
priority/important-soon
|
/retest Review the full test history for this PR. Silence the bot with an |
3 similar comments
|
/retest Review the full test history for this PR. Silence the bot with an |
|
/retest Review the full test history for this PR. Silence the bot with an |
|
/retest Review the full test history for this PR. Silence the bot with an |
|
should consider to cherrypick to 1.18 |
After removing driver letter assignment during disk partition and formatting, we found an issue that golang filepath.EvalSymlnik no longer works. See bug golang/go#39786
We had used a simple powershell command (get-item -path %p).Target to get the symlink, but it does not address all the cases. If there is a subpath under symlink, this command does not resolve upper path symlink. During evaluating symlink, we need to make sure the returned target path does not contain any symlink.
This PR tries to recursively resolve symlink in the path until it checking all intermediate dirs.
What type of PR is this?
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?:
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: