[lxc-devel] [PATCH] Validate container name during creation
Serge Hallyn
serge.hallyn at ubuntu.com
Thu Feb 5 17:40:54 UTC 2015
Quoting Robert Vogelgesang (vogel at users.sourceforge.net):
> Hello,
>
> On Thu, Feb 05, 2015 at 05:50:39PM +0200, Joel Nider wrote:
> > The name used to identify the container on the host is also used as the host
> > name of the container itself. Therefore, the name should be restricted to a
> > legal Linux hostname, which is specified in RFC 1123

Thanks for the patch, Joel. One other comment below.

> no, this should not be the job of the lxc create API, IMHO.
> It's the template script that re-uses the container name as the
> container's hostname, so it should be the template's job to ensure
> the name conforms to the rules.
>
> I don't mind checking the value of the configuration item lxc.utsname,
> which actually defines the container's hostname, according to the
> RFC 1123 rules, but please don't do this for the container's name.

So you're suggesting using the same validate_hostname() function
at src/lxc/confile.c:config_utsname() ?

That should still end up being caught at lxc-create since we re-read
the config file at the end of lxcapi_create().

> Robert
>
> > (http://tools.ietf.org/html/rfc1123#page-13). Basically it says the host name
> > is composed of up to 63 alphanumeric ASCII characters (case insensitive) as
> > well as '-'.
> >
> > See this thread for more details:
> > https://lists.linuxcontainers.org/pipermail/lxc-devel/2014-December/011007.html
> >
> > Signed-off-by: Joel Nider <joeln at il.ibm.com>
> > ---
> > src/lxc/lxccontainer.c | 42 +++++++++++++++++++++++++++++++++++++++++-
> > 1 file changed, 41 insertions(+), 1 deletion(-)
> >
> > diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
> > index e02ee93..7cba771 100644
> > --- a/src/lxc/lxccontainer.c
> > +++ b/src/lxc/lxccontainer.c
> > @@ -36,6 +36,7 @@
> > #include <stdint.h>
> > #include <grp.h>
> > #include <sys/syscall.h>
> > +#include <ctype.h>
> >
> > #include <lxc/lxccontainer.h>
> > #include <lxc/version.h>
> > @@ -66,7 +67,7 @@
> > #endif
> >
> > #define MAX_BUFFER 4096
> > -
> > +#define MAX_LENGTH_HOSTNAME 63
> > #define NOT_SUPPORTED_ERROR "the requested function %s is not currently
> > supported with unprivileged containers"
> >
> > /* Define faccessat() if missing from the C library */
> > @@ -190,6 +191,37 @@ static void remove_partial(struct lxc_container *c,
> > int fd)
> > SYSERROR("Error unlink partial file %s", path);
> > }
> >
> > +/* Ensure requested hostname follows RFC 1123
> > + * In our case, that means simple host name (not FQDN)
> > + * characters in the set {[A-Z], [0-9], '-'} (no '.')
> > + * maximum length of 63 characters
> > + */
> > +static int validate_hostname(struct lxc_container *c)
> > +{
> > + char *a;
> > + int count = 0;
> > +
> > + if (!c)
> > + return MAX_LENGTH_HOSTNAME;
> > +
> > + a = c->name;
> > + while (*a) {
> > + count++;
> > + if (count > MAX_LENGTH_HOSTNAME)
> > + return MAX_LENGTH_HOSTNAME;
> > +
> > + if (!(isalnum(*a) | (*a == '-')))

Would prefer to see this as

	if (!valid_hostname_char(*a))
		return count;

with

	valid_hostname_char(const char a) {
		if (isalnum(a))
			return true;
		if (a == '-')
			return true;
		return false;
	}

above.

> > + return count;
> > +
> > + a++;
> > + }
> > +
> > + if (count == 0)
> > + return MAX_LENGTH_HOSTNAME;
> > +
> > + return 0;
> > +}
> > +
> > /* LOCKING
> > * 1. container_mem_lock(c) protects the struct lxc_container from
> > multiple threads.
> > * 2. container_disk_lock(c) protects the on-disk container data - in
> > particular the
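
Review bot: validate_hostname() overloads its return value, so the caller cannot tell the failure causes apart: MAX_LENGTH_HOSTNAME (63) comes back for a NULL container, for an empty name and for an over-long name, and "return count" also yields 63 when the 63rd character is the invalid one. Return a distinct error code per cause and pass the offending position back separately. In the character test, "isalnum(*a) | (*a == '-')" uses bitwise OR where "||" is meant, and it hands a plain char to isalnum(), which is undefined for negative values and locale-dependent; cast to unsigned char or compare against explicit ASCII ranges. c->name is dereferenced without a NULL check, and the header comment lists only [A-Z] although the test also accepts lower case.
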
> > @@ -1235,6 +1267,7 @@ static bool lxcapi_create(struct lxc_container *c,
> > const char *t,
> > pid_t pid;
> > char *tpath = NULL;
> > int partial_fd;
> > + int err;
> >
> > if (!c)
> > return false;
> > @@ -1247,6 +1280,13 @@ static bool lxcapi_create(struct lxc_container *c,
> > const char *t,
> > }
> > }
> >
> > + /* validate the container name */
> > + err = validate_hostname(c);
> > + if (err) {
> > + ERROR("Invalid hostname: %s (character %i)", c->name, err);
> > + goto out;
> > + }
> > +
> > /*
> > * If a template is passed in, and the rootfs already is defined
> > in
> > * the container config and exists, then * caller is trying to
> > create
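
Review bot: the ERROR() message in this lxcapi_create() hunk labels c->name as a hostname and prints err as a character position, but validate_hostname() returns 63 for an empty or over-long name, so a zero-length name is reported as "character 63". Word the message for the container name and report length failures separately from bad-character failures. Because the check runs on c->name inside the create API, every container name containing '.' or '_' is now refused regardless of template; if that is intended it should be stated in the commit message and the API documentation.
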
> > --
> > 1.9.1
> >
> >
> >
> > Joel Nider
> > Virtualization Research
> > IBM Research and Development
> > Haifa Research Lab
> >
> > Phone: 972-4-829-6326 | Mobile: 972-54-3155635
> > E-mail: JOELN at il.ibm.com
> >
> >
> >
> > _______________________________________________
> > lxc-devel mailing list
> > lxc-devel at lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-devel
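
A stand-alone version of the check discussed in this thread, added here as an illustration and not code from the patch or from LXC. It keeps the valid_hostname_char() helper idea from the reply, separates the failure cause from the character offset, and goes beyond the posted patch by also rejecting a leading or trailing '-' (RFC 952 as amended by RFC 1123); enum hostname_err, check_hostname_label() and HOSTNAME_LABEL_MAX are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>

#define HOSTNAME_LABEL_MAX 63 /* same limit as MAX_LENGTH_HOSTNAME in the patch */

/* Hypothetical result codes: one per failure cause, never a character position. */
enum hostname_err { HOSTNAME_OK = 0, HOSTNAME_NULL, HOSTNAME_EMPTY,
	HOSTNAME_TOO_LONG, HOSTNAME_BAD_CHAR, HOSTNAME_EDGE_HYPHEN };

/* Explicit ASCII ranges: no locale dependence, safe for negative char values. */
static int valid_hostname_char(char a)
{
	return (a >= 'a' && a <= 'z') || (a >= 'A' && a <= 'Z') ||
	       (a >= '0' && a <= '9') || a == '-';
}

/* Check one host name label; on HOSTNAME_BAD_CHAR, *pos gets the 0-based offset. */
static enum hostname_err check_hostname_label(const char *name, size_t *pos)
{
	size_t len;

	if (!name)
		return HOSTNAME_NULL;
	for (len = 0; name[len]; len++) {
		if (len >= HOSTNAME_LABEL_MAX)
			return HOSTNAME_TOO_LONG;
		if (!valid_hostname_char(name[len])) {
			if (pos)
				*pos = len;
			return HOSTNAME_BAD_CHAR;
		}
	}
	if (len == 0)
		return HOSTNAME_EMPTY;
	/* RFC 952 / RFC 1123: a label may not begin or end with '-'. */
	if (name[0] == '-' || name[len - 1] == '-')
		return HOSTNAME_EDGE_HYPHEN;
	return HOSTNAME_OK;
}

int main(void)
{
	/* Constructed sample names, not taken from the thread. */
	const char *samples[] = { "web-01", "my_box", "-lead", "" };
	size_t i;
	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("\"%s\" -> %d\n", samples[i], (int)check_hostname_label(samples[i], NULL));
	return 0;
}
```

The same function could back both a container-name check and a check on the lxc.utsname value, which is the split the thread is debating.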