Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Follow symlinks in Docker entrypoint #50927

Merged
merged 3 commits into from
Jan 16, 2020
Merged

Follow symlinks in Docker entrypoint #50927

merged 3 commits into from
Jan 16, 2020

Conversation

pugnascotia
Copy link
Contributor

Closes #49653. When using _FILE environment variables to supply values to Elasticsearch, following symlinks when checking that file permissions are secure.

The pertinent change is adding -L to the stat call in elasticsearch-env-from-file.

@pugnascotia
Follow symlinks in Docker entrypoint
63b2f28 
Closes elastic#49653. When using _FILE environment variables to supply values
to Elasticsearch, following symlinks when checking that file permissions
are secure.
@pugnascotia pugnascotia added :Delivery/Packaging RPM and deb packaging, tar and zip archives, shell and batch scripts v8.0.0 labels Jan 13, 2020
@pugnascotia pugnascotia requested a review from dliappis January 13, 2020 15:47
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-core-infra (:Core/Infra/Packaging)

dliappis
dliappis approved these changes Jan 14, 2020
View reviewed changes
Copy link
Contributor

@dliappis dliappis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM thanks!

@pugnascotia pugnascotia requested a review from dliappis January 15, 2020 11:28
dliappis
dliappis approved these changes Jan 16, 2020
View reviewed changes
Copy link
Contributor

@dliappis dliappis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

The improvements in 954d3f5 are really good IMO and should help troubleshooting and the general user experience with this feature.

@pugnascotia
Copy link
Contributor Author

@elasticmachine update branch

@pugnascotia pugnascotia merged commit 0dfb72e into elastic:master Jan 16, 2020
@pugnascotia pugnascotia deleted the 49653-handle-symlinks-with-docker-file-envvars branch January 16, 2020 14:23
pugnascotia added a commit to pugnascotia/elasticsearch that referenced this pull request Jan 16, 2020
@pugnascotia
Follow symlinks in Docker entrypoint (elastic#50927)
b96cb9b 
Closes elastic#49653. When using _FILE environment variables to supply values
to Elasticsearch, following symlinks when checking that file permissions
are secure.
@pugnascotia pugnascotia mentioned this pull request Jan 16, 2020
Merged
pugnascotia added a commit to pugnascotia/elasticsearch that referenced this pull request Jan 16, 2020
@pugnascotia
Follow symlinks in Docker entrypoint (elastic#50927)
6c7d598 
Closes elastic#49653. When using _FILE environment variables to supply values
to Elasticsearch, following symlinks when checking that file permissions
are secure.
@pugnascotia pugnascotia mentioned this pull request Jan 16, 2020
Merged
pugnascotia added a commit that referenced this pull request Jan 18, 2020
@pugnascotia
Follow symlinks in Docker entrypoint (#51101)
e6f7784 
Backport of #50927.

Closes #49653. When using _FILE environment variables to supply values
to Elasticsearch, following symlinks when checking that file permissions
are secure.
pugnascotia added a commit that referenced this pull request Jan 18, 2020
@pugnascotia
Follow symlinks in Docker entrypoint (#51102)
cb43513 
Backport of #50927.

Closes #49653. When using _FILE environment variables to supply values
to Elasticsearch, following symlinks when checking that file permissions
are secure.
SivagurunathanV pushed a commit to SivagurunathanV/elasticsearch that referenced this pull request Jan 23, 2020
@pugnascotia @SivagurunathanV
Follow symlinks in Docker entrypoint (elastic#50927)
059e4d2 
Closes elastic#49653. When using _FILE environment variables to supply values
to Elasticsearch, following symlinks when checking that file permissions
are secure.
@mark-vieira mark-vieira added the Team:Delivery Meta label for Delivery team label Nov 11, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dliappis dliappis dliappis approved these changes

Assignees
No one assigned
Labels
:Delivery/Packaging RPM and deb packaging, tar and zip archives, shell and batch scripts >non-issue Team:Delivery Meta label for Delivery team v7.7.0 v8.0.0-alpha1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

_FILE variable permission check does not follow symlinks
5 participants
@pugnascotia @elasticmachine @dliappis @jakelandis @mark-vieira