Commit graph

4 commits

Author SHA1 Message Date
Yong Tang
86ae5d2895 Restrict checkpoint name to prevent directory traversal
This fix tries to address the issue raised in 28769 where
checkpoint name was not checked before passing to containerd.
As a result, it was possible to use a special checkpoint name
to get outside of the container's directory.

This fix add restriction `[a-zA-Z0-9][a-zA-Z0-9_.-]+` (`RestrictedNamePattern`).
This is the same as container name restriction.

This fix fixes 28769.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit c90ec05175)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:17:55 -08:00
David Trott
c9d0a77657 Added the word "container" to clarify the error message.
Signed-off-by: David Trott <github@davidtrott.com>
2016-08-22 13:41:17 -07:00
Vincent Demeester
bfa0885c37
Moving some more methods away from daemon.go
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-05-27 11:32:26 +02:00
Vincent Demeester
fb48bf518b
Move some container related methods and structs to smaller files
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-05-24 21:31:15 +02:00