spec: clarify allowed characters in ContainerID #679
Comments
|
Shouldn't that then be sanitized on plugins level, before they would use that on filesystem? That reason for trimming available character set in this case seems to be invalid to me. Still, if you would proceed with that, I would suggest to use https://golang.org/pkg/os/#PathSeparator instead of hardcoding "/" there. |
|
@bboreham suggests that we should limit the length of ContainerID too. |
|
We have decided to add filesystem-safe ContainerID escaping functions to containernetworking/cni/pkg/utils/ (in a new file there) because any sane plugin should do that regardless of restrictions on ContainerID content, plus it doesn't seem like a huge win to get all pedantic on ContainerID content. |
|
Having a common/reusable way to sanitize the thing is a very good idea. |
|
And this time around, we've decided to restrict allowed characters in ContainerID and enforce that restriction in libcni and skel. |
|
IIRC also for networkName |
@mccv1r0 agreed. |
The spec doesn't say anything about the characters allowed in a ContainerID. We probably shouldn't allow filesystem path characters like "/" or ":", or a ContainerID of just "." or ".." since the ID is used by some plugins in cache file names.
The text was updated successfully, but these errors were encountered: