genpolicy: Fix matching of .. in paths

When not escaped, the `.` character in a regular expression matches
any character. This causes `CopyFileRequest is blocked by policy`
for paths like:

/run/kata-containers/shared/containers/b8d668e556bc5daf7454de26496a419128d182c5c16d5af6ad03a9e2593f96d4-c9126bd2cf103ae6-secrets/rhsm/ca

In this case, the match is `/ca`.

Signed-off-by: Greg Kurz <groug@kaod.org>
Greg Kurz
2026-05-06 08:04:12 +02:00
parent bdaa65e29d
commit 56eda1686c


@@ -1520,7 +1520,7 @@ strip_cap_prefix(s) := result if {
}
check_directory_traversal(i_path) if {
not regex.match("(^|/)..($|/)", i_path)
not regex.match("(^|/)\\.\\.($|/)", i_path)
}
allow_sandbox_storages(i_storages) if {
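Review bot: The escaping in `check_directory_traversal` is correct, but the hunk adds no regression test, so the false positive described in the commit message (a two-character path component such as `ca` at the end of the path matching the unescaped `..`) could silently come back if the pattern is touched again. Consider adding a policy test with a path whose last component is two characters long (the `.../rhsm/ca` path from the commit message is a good candidate), asserting it is accepted, alongside a path containing a literal `..` component, asserting it is rejected. A one-line comment above `not regex.match("(^|/)\\.\\.($|/)", i_path)` stating that the dots must stay escaped because Rego string literals need `\\.` to reach the regex engine as `\.` would also help the next reader, since the old line was only wrong by two backslashes.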