Skip to content

fix: avoid deleting root filesystem when KANIKO_DIR not set#160

Merged
johnstcn merged 4 commits intomainfrom
cj/check-kaniko-dir
Apr 29, 2024
Merged

fix: avoid deleting root filesystem when KANIKO_DIR not set#160
johnstcn merged 4 commits intomainfrom
cj/check-kaniko-dir

Conversation

@johnstcn
Copy link
Member

@johnstcn johnstcn commented Apr 29, 2024
edited
Loading

Fixes #144

Running envbuilder outside of a container as root can result in it nuking your entire FS if you're not careful.

Adds a check if KANIKO_DIR is not set to MagicDir (a.k.a. /.envbuilder) and bails early.
This behaviour can be overridden with FORCE_SAFE=true.

@johnstcn johnstcn self-assigned this Apr 29, 2024
@johnstcn johnstcn force-pushed the cj/check-kaniko-dir branch from e334b62 to ee43ba7 Compare April 29, 2024 13:37
dannykopping
dannykopping approved these changes Apr 29, 2024
View reviewed changes
Copy link
Contributor

@dannykopping dannykopping left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

mafredri
mafredri approved these changes Apr 29, 2024
View reviewed changes
README.md
> **Note:** Envbuilder performs destructive filesystem operations! To guard against accidental data
> loss, it will refuse to run if it detects that KANIKO_DIR is not set to a specific value.
> If you need to bypass this behaviour for any reason, you can bypass this safety check by setting
> `FORCE_SAFE=true`.
Copy link
Member

@mafredri mafredri Apr 29, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd love for us to start using the ENVBUILDER_ prefix for our envs, can we start now?

Copy link
Member Author

@johnstcn johnstcn Apr 29, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll do this in a separate PR. This isn't a new option, it's been there all the time but not doing anything.

envbuilder.go

// maybeDeleteFilesystem wraps util.DeleteFilesystem with a guard to hopefully stop
// folks from unwittingly deleting their entire root directory.
func maybeDeleteFilesystem(force bool) error {
Copy link
Member

@mafredri mafredri Apr 29, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I love this name ❤️

Copy link
Member Author

@johnstcn johnstcn Apr 29, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's technically correct!

@johnstcn johnstcn merged commit c502632 into main Apr 29, 2024
@johnstcn johnstcn deleted the cj/check-kaniko-dir branch April 29, 2024 15:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mafredri mafredri mafredri approved these changes

@dannykopping dannykopping dannykopping approved these changes

Assignees

@johnstcn johnstcn

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Running envbuilder CLI on a local laptop may destroy the filesystem

3 participants

@johnstcn @mafredri @dannykopping