Skip to content

fix: avoid deleting root filesystem when KANIKO_DIR not set #160

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Apr 29, 2024
Merged

fix: avoid deleting root filesystem when KANIKO_DIR not set #160

merged 4 commits into from
Apr 29, 2024

Conversation

johnstcn
Copy link
Member

@johnstcn johnstcn commented Apr 29, 2024
edited
Loading

Fixes #144

Running envbuilder outside of a container as root can result in it nuking your entire FS if you're not careful.

Adds a check if KANIKO_DIR is not set to MagicDir (a.k.a. /.envbuilder) and bails early.
This behaviour can be overridden with FORCE_SAFE=true.

@johnstcn johnstcn self-assigned this Apr 29, 2024
@johnstcn johnstcn force-pushed the cj/check-kaniko-dir branch from e334b62 to ee43ba7 Compare April 29, 2024 13:37
dannykopping
dannykopping approved these changes Apr 29, 2024
View reviewed changes
Copy link
Contributor

@dannykopping dannykopping left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

mafredri
mafredri approved these changes Apr 29, 2024
View reviewed changes
README.md
> **Note:** Envbuilder performs destructive filesystem operations! To guard against accidental data
> loss, it will refuse to run if it detects that KANIKO_DIR is not set to a specific value.
> If you need to bypass this behaviour for any reason, you can bypass this safety check by setting
> `FORCE_SAFE=true`.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd love for us to start using the ENVBUILDER_ prefix for our envs, can we start now?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll do this in a separate PR. This isn't a new option, it's been there all the time but not doing anything.

envbuilder.go

// maybeDeleteFilesystem wraps util.DeleteFilesystem with a guard to hopefully stop
// folks from unwittingly deleting their entire root directory.
func maybeDeleteFilesystem(force bool) error {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I love this name ❤️

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's technically correct!

@johnstcn johnstcn merged commit c502632 into main Apr 29, 2024
4 checks passed
@johnstcn johnstcn deleted the cj/check-kaniko-dir branch April 29, 2024 15:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mafredri mafredri mafredri approved these changes

@dannykopping dannykopping dannykopping approved these changes

Assignees

@johnstcn johnstcn

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Running envbuilder CLI on a local laptop may destroy the filesystem
3 participants
@johnstcn @mafredri @dannykopping