Apply more structure to pod data dirs #3403
Conversation
This is makes it possible to read back "known" pods from disk without getting other (non-pod) kubelet dirs in the mix. Ditto for containers within a pod. This is just saner overall. Pods now nest in a pods/ dir. Likewise containers.
| func (kl *Kubelet) GetPodsDir() string { | ||
| return kl.GetRootDir() | ||
| return path.Join(kl.GetRootDir(), "pods") | ||
| } | ||
|
|
||
| // GetPodDir returns the full path to the per-pod data directory for the | ||
| // specified pod. This directory may not exist if the pod does not exist. | ||
| func (kl *Kubelet) GetPodDir(podUID string) string { |
There was a problem hiding this comment.
I worry about security here. A sanity check that there are no special characters here would help. This is the type of code that can often lead to a directory traversal attack.
There was a problem hiding this comment.
I'm not sure I follow. GetRootDir() is controlled by kubelet, so any trickery would have to come through the flag that controls root dir. If you are setting flags you are already root. The joining of pod UID and container name predicate on the validation done before we accept a pod.
Can you clarify what sort of attack you are conceiving of? Caveat, I suck at security analysis.
There was a problem hiding this comment.
I'm mostly worried about the container name (and perhaps the UID). While I know we validate that higher up, defense in depth is the name of the game.
|
LGTM -- the extra security check would be good but the code already is missing it so this is a no-op from that point of view. Feel free to add something or self merge. |
Apply more structure to pod data dirs
This is makes it possible to read back "known" pods from disk without
getting other (non-pod) kubelet dirs in the mix. Ditto for containers
within a pod. This is just saner overall. Pods now nest in a pods/
dir. Likewise containers. Backwards compat code for now, but should
be stripped out before 1.0.