github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-19 09:52:49 +00:00
Code Issues Projects Releases Wiki Activity

kubelet: use filepath.Clean before init, validate it in setupDataDirs

Browse Source
This commit is contained in:
Paco Xu 2023-03-17 13:24:58 +08:00
parent 8b2dae57d4
commit 7afcfe1826
3 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cmd/kubelet/app/options/options.go
View File

@ -20,6 +20,7 @@ package options
import ( import (
"fmt" "fmt"
_ "net/http/pprof" // Enable pprof HTTP handlers. _ "net/http/pprof" // Enable pprof HTTP handlers.
"path/filepath"
"strings" "strings"
"github.com/spf13/pflag" "github.com/spf13/pflag"
@ -138,7 +139,7 @@ func NewKubeletFlags() *KubeletFlags {
return &KubeletFlags{ return &KubeletFlags{
ContainerRuntimeOptions: *NewContainerRuntimeOptions(), ContainerRuntimeOptions: *NewContainerRuntimeOptions(),
CertDirectory: "/var/lib/kubelet/pki", CertDirectory: "/var/lib/kubelet/pki",
RootDirectory: defaultRootDir, RootDirectory: filepath.Clean(defaultRootDir),
MaxContainerCount: -1, MaxContainerCount: -1,
MaxPerPodContainerCount: 1, MaxPerPodContainerCount: 1,
MinimumGCAge: metav1.Duration{Duration: 0}, MinimumGCAge: metav1.Duration{Duration: 0},

6
pkg/kubelet/kubelet.go
View File

@ -523,7 +523,7 @@ func NewMainKubelet(kubeCfg *kubeletconfiginternal.KubeletConfiguration,
kubeClient: kubeDeps.KubeClient, kubeClient: kubeDeps.KubeClient,
heartbeatClient: kubeDeps.HeartbeatClient, heartbeatClient: kubeDeps.HeartbeatClient,
onRepeatedHeartbeatFailure: kubeDeps.OnHeartbeatFailure, onRepeatedHeartbeatFailure: kubeDeps.OnHeartbeatFailure,
rootDirectory: rootDirectory, rootDirectory: filepath.Clean(rootDirectory),
resyncInterval: kubeCfg.SyncFrequency.Duration, resyncInterval: kubeCfg.SyncFrequency.Duration,
sourcesReady: config.NewSourcesReady(kubeDeps.PodConfig.SeenAllSources), sourcesReady: config.NewSourcesReady(kubeDeps.PodConfig.SeenAllSources),
registerNode: registerNode, registerNode: registerNode,
@ -1321,7 +1321,9 @@ func (kl *Kubelet) RlimitStats() (*statsapi.RlimitStats, error) {
// 4. the pod-resources directory // 4. the pod-resources directory
// 5. the checkpoint directory // 5. the checkpoint directory
func (kl *Kubelet) setupDataDirs() error { func (kl *Kubelet) setupDataDirs() error {
kl.rootDirectory = filepath.Clean(kl.rootDirectory) if cleanedRoot := filepath.Clean(kl.rootDirectory); cleanedRoot != kl.rootDirectory {
return fmt.Errorf("rootDirectory not in canonical form: expected %s, was %s", cleanedRoot, kl.rootDirectory)
}
pluginRegistrationDir := kl.getPluginsRegistrationDir() pluginRegistrationDir := kl.getPluginsRegistrationDir()
pluginsDir := kl.getPluginsDir() pluginsDir := kl.getPluginsDir()
if err := os.MkdirAll(kl.getRootDir(), 0750); err != nil { if err := os.MkdirAll(kl.getRootDir(), 0750); err != nil {

3
pkg/kubelet/runonce_test.go
View File

@ -19,6 +19,7 @@ package kubelet
import ( import (
"context" "context"
"os" "os"
"path/filepath"
"testing" "testing"
"time" "time"
@ -81,7 +82,7 @@ func TestRunOnce(t *testing.T) {
} }
defer os.RemoveAll(basePath) defer os.RemoveAll(basePath)
kb := &Kubelet{ kb := &Kubelet{
rootDirectory: basePath, rootDirectory: filepath.Clean(basePath),
recorder: &record.FakeRecorder{}, recorder: &record.FakeRecorder{},
cadvisor: cadvisor, cadvisor: cadvisor,
nodeLister: testNodeLister{}, nodeLister: testNodeLister{},