Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kustomize/filesys: config of allowed prefixes #264

Merged
merged 1 commit into from
Apr 20, 2022
Merged

kustomize/filesys: config of allowed prefixes #264

merged 1 commit into from
Apr 20, 2022

Conversation

hiddeco
Copy link
Member

@hiddeco hiddeco commented Apr 20, 2022

This introduction is required for the build of Kustomizations which
refer to remote bases, as the internal load process creates new
temporary directories to fetch these into.

By ensuring the root of the FS does not start with an allowed prefix,
it is not possible for a FS to reach into another FS if the program
which creates them uses a static list.

This solution is not optimal, and is a signal we need to fork Kustomize
(and advocate upstream), to simply allow a more diverse configuration
of loader restrictions. Making this FS implementation obsolete.

@hiddeco hiddeco added enhancement New feature or request area/kustomize Kustomize related issues and pull requests labels Apr 20, 2022
@hiddeco hiddeco force-pushed the kus-fs-allow-prefix branch 2 times, most recently from 3e112d2 to 3abdbb3 Compare April 20, 2022 14:27
@hiddeco hiddeco changed the title kustomize/filesystem: allow config of prefixes kustomize/filesys: config of allowed prefixes Apr 20, 2022
@hiddeco
kustomize/filesys: config of allowed prefixes
a2505ae 
This introduction is required for the build of Kustomizations which
refer to remote bases, as the internal load process creates new
temporary directories to fetch these into.

By ensuring the `root` of the FS does not start with an allowed prefix,
it is not possible for a FS to reach into another FS if the program
which creates them uses a static list.

This solution is not optimal, and is a signal we need to fork Kustomize
(and advocate upstream), to simply allow a more diverse configuration
of loader restrictions. Making this FS implementation obsolete.

Signed-off-by: Hidde Beydals <[email protected]>
@hiddeco hiddeco force-pushed the kus-fs-allow-prefix branch from 3abdbb3 to a2505ae Compare April 20, 2022 14:30
@hiddeco hiddeco mentioned this pull request Apr 20, 2022
Merged
darkowlzz
darkowlzz approved these changes Apr 20, 2022
View reviewed changes
Copy link
Contributor

@darkowlzz darkowlzz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@hiddeco hiddeco merged commit 42a63df into main Apr 20, 2022
@hiddeco hiddeco deleted the kus-fs-allow-prefix branch April 20, 2022 15:06
@pjbgf pjbgf added this to the GA milestone May 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@darkowlzz darkowlzz darkowlzz approved these changes

Assignees
No one assigned
Labels
area/kustomize Kustomize related issues and pull requests enhancement New feature or request
Projects
Maintainers' Focus
Status: Done
Milestone
GA
Development

Successfully merging this pull request may close these issues.
3 participants
@hiddeco @darkowlzz @pjbgf