-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Stop glob'ing on podman cp #3942
Conversation
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jwhonce The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removing the globs is fine, but I can’t see how the rest of the PR is secure; it removes a large part of the existing protections without any replacement that I can see.
If it is doing something non-obvious, please write an explicit argument (that someone unfamiliar with the code can follow, like a future maintainer) for why it is secure (what are the security objectives, how are those goals upheld; maybe what are the attacks and how they are prevented) — ideally as comments directly in the code to decrease the risk that future maintainers will undo/break that without noticing.
BTW, I think we should go back to default to pausing the container. Then if someone wants to have better performance is willing to take on the risk, they can run it with the --pause=false flag. |
Lets get the default changed to default to Pause and get the temporary patch fixed. And then open a card to do a full test. |
7444102
to
db04149
Compare
* symlink processing and wildcarding led to unexpected files being copied Signed-off-by: Jhon Honce <[email protected]>
LGTM assuming happy tests |
One issue with the pause is this will fail on rootless containers not running with cgroups V2, but I still think it is a good default. |
/lgtm |
We can't break |
|
/cherrypick v1.4.2-stable |
Signed-off-by: Jhon Honce [email protected]