Fix path substitution to enable setting sysctls on vlan interfaces#779
Fix path substitution to enable setting sysctls on vlan interfaces#779dcbw merged 1 commit intocontainernetworking:mainfrom
Conversation
mmirecki
force-pushed
the
sysctl_on_vlan
branch
from
be73a6a to
e657ad7
Compare
|
/lgtm too. Thanks, @mmirecki ! |
To test it properly it would have to be tested with namespaces sysctl's, which is currently not doable with the current test framwork. Currently we test the sysctl's with "net.ipv4.conf.all" which would work here. |
|
@mmirecki this is a potential directory traversal issue, since we don't actually validate that IFNAME is sane. Can you check to make sure that IFNAME doesn't contain any "/"? We should also add a check to ensure that the resolved path doesn't escape |
mmirecki
force-pushed
the
sysctl_on_vlan
branch
from
e657ad7 to
81a6a3b
Compare
Added validateArgs to validate the interface name does not contain any path separators. |
This commit changes the order of substituting sysctl path to first handle . to / change, before substituting the interface name. This is needed as vlan interfaces have a . in the name, which should not be changed. Signed-off-by: mmirecki <[email protected]>
mmirecki
force-pushed
the
sysctl_on_vlan
branch
from
81a6a3b to
198ab12
Compare
|
@squeed could you please look again? Added the requested validation |
|
/lgtm |
Fix path substitution to enable setting sysctls on vlan interfaces
5 participants
This commit changes the order of substituting sysctl path to first handle . to / change, before substituting the interface name. This is needed as vlan interfaces have a . in the name, which should not be changed.