Something that'd be particularly useful now that we support application containers is to be able to pass in a specific directory from within a custom volume as a disk for a container.
This would then allow creating a single custom volume that holds the configuration/data of multiple application containers. The whole volume can then be passed to a system container so that configuration/backups/whatever can be performed from there.
The general logic is pretty straightforward, we allow the `source`
property to include both the volume name and then a relative path to
that volume.
The tricky part is to do this safely as the user will be in control of
the volume and so can create dangerous symlinks in there, trying to
trick us into reading data from the host.
Careful use of Openat2 allows us to restrict resolution in a race-free way.
Closes lxc#993
Signed-off-by: Stéphane Graber <[email protected]>
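
The containment the commit message describes, sketched as an added example (not code from the commit or the project): a volume-relative path is resolved with `openat2(2)` so that symlinks planted inside the volume cannot lead out of it. The helper names, the sample volume layout and the choice of `RESOLVE_BENEATH` are assumptions; the commit only says Openat2 is used. Requires Linux 5.6 or later.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/openat2.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical helper: open directory `rel` strictly beneath `volfd`.
 * Returns an O_PATH fd, or -errno (-EXDEV if resolution would escape). */
static int open_beneath(int volfd, const char *rel)
{
    struct open_how how = {
        .flags = O_PATH | O_DIRECTORY | O_CLOEXEC,
        /* The kernel checks every component, so there is no check-then-open race. */
        .resolve = RESOLVE_BENEATH | RESOLVE_NO_MAGICLINKS,
    };
    long fd = syscall(SYS_openat2, volfd, rel, &how, sizeof(how));
    return fd < 0 ? -errno : (int)fd;
}

/* Constructed sample volume: one real subdirectory plus two hostile
 * symlinks of the kind a volume owner could plant. Returns the volume fd. */
static int make_sample_volume(void)
{
    char tmpl[] = "/tmp/volXXXXXX";
    int volfd = mkdtemp(tmpl) ? open(tmpl, O_PATH | O_DIRECTORY | O_CLOEXEC) : -1;
    if (volfd < 0)
        return -errno;
    if (mkdirat(volfd, "app1", 0700) ||
        symlinkat("/etc", volfd, "abs") ||   /* absolute jump to the host */
        symlinkat("..", volfd, "up"))        /* climbs out of the volume */
        return -errno;
    return volfd;
}

int main(void)
{
    const char *paths[] = { "app1", "abs", "up", "app1/../.." };
    int volfd = make_sample_volume();
    for (size_t i = 0; volfd >= 0 && i < sizeof(paths) / sizeof(*paths); i++) {
        int r = open_beneath(volfd, paths[i]);
        printf("%-12s -> %s\n", paths[i], r >= 0 ? "opened" : strerror(-r));
    }
    return volfd < 0;
}
```

The returned descriptor, rather than the path string, is what should be handed to the mount step, so the directory that was checked is the directory that gets used.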