-
Notifications
You must be signed in to change notification settings - Fork 562
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
interfaces/utils: allow commas in filepaths #12697
Commits on Apr 19, 2023
-
interfaces/utils: allow commas in filepaths
Some device paths contain commas outside of groups (i.e. {a,b}) or classes (i.e. [,.:;'"]). For example, `/dev/foo,bar` is a valid device path which one might with to use with the custom-device interface. Most filesystems allow commas in filepaths, as does apparmor: https://gitlab.com/apparmor/apparmor/-/blob/master/parser/parser_regex.c#L340 Previously, createRegex() would throw an error if a comma was used outside of a group or class. This commit removes that error and instead treats commas outside of groups and classes as literal commas. The accompanying tests are also adjusted to reflect this change. Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for a2af1f6 - Browse repository at this point
Copy the full SHA a2af1f6View commit details -
interfaces/utils: added argument to allow commas in filepaths
Rather than allowing any caller of `NewPathPattern()` to successfully validate paths containing commas, this change adds a boolean argument which explicitly specifies whether commas should be allowed in the filepath. There are some risks involved with allowing commas in filepaths (see discussion at snapcore#12697), so it is desirable to restrict when commas are allowed based on the caller. In particular, superprivileged interfaces (such as `custom-device` and `mount-control`) have valid needs for commas in filepaths, and users of these interfaces are individually verified, so it is safe for them to use `NewPathPattern()` with commas allowed. Other callers (particularly unprivileged interfaces) should probably not allow commas. I was unsure whether `overlord/hookstate/ctlcmd/mount.go` should call `NewPathPattern()` with commas allowed or not, but since commas had previously been disallowed and tests continue to pass with `allowCommas=false`, then I decided to leave it as `false`. Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for 83b35ed - Browse repository at this point
Copy the full SHA 83b35edView commit details -
interfaces/{builtin,utils}: added named variables for allowCommas
Also, switched `overlord/hookstate/ctlcmd/mount.go` to allow commas (previously did not, but this should match what is allowed in `interfaces/builtin/mount_control.go`. Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for df01453 - Browse repository at this point
Copy the full SHA df01453View commit details -
interfaces/utils: added unit tests for commas in paths
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for f952e0f - Browse repository at this point
Copy the full SHA f952e0fView commit details -
interfaces/utils: remove
QuoteMeta
when adding","
to path regexSince `,` is not a regex special character, the `QuoteMeta` call is unnecessary. Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for 6802115 - Browse repository at this point
Copy the full SHA 6802115View commit details -
interfaces/utils: renamed TestCommasInRegex to TestCreateRegexWithCommas
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for 730d51a - Browse repository at this point
Copy the full SHA 730d51aView commit details
Commits on Apr 20, 2023
-
many: added unit tests for callers of NewPathPattern with allowCommas…
…=true Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
Configuration menu - View commit details
-
Copy full SHA for dfb046f - Browse repository at this point
Copy the full SHA dfb046fView commit details
Commits on May 17, 2023
-
Configuration menu - View commit details
-
Copy full SHA for 948297f - Browse repository at this point
Copy the full SHA 948297fView commit details