On Tue, Apr 28, 2015 at 10:45:25AM -0400, Colin Walters wrote:
> > This isolates all the Docker operations
> > inside an "atomic.dockerapi" module
>
> This isn't exactly your fault but the pervasive use of shell=True
> without quoting arguments gives me the willies.
Yeah, me too, but I'm not sure there's a good alternative. What we
get back from the LABEL directives is a string, and we want to support
(well, I *think* we want to support) standard shell environment
variable substitution, etc.
If we impose limits on these things, we can break out, e.g.,
shlex.split() and dump shell=True. We could supply the environment as
additional arguments to the formatting function so that instead of
$SOME_ENV_VAR you would write {SOME_ENV_VAR}, etc. There are a
variety of tweaks that can be made in this area.
That said, I'm less concerned about shell=True than I would be in
general, because if you're permitting someone to run arbitrary Docker
command lines you have already handed over the keys to your system.
> So how do we move forward? Seems like we need to get the
> current /usr/bin/atomic contributors to agree on some of these
> changes and code direction?
Something like that, yup. I posted to this list hoping it would be a
good place to engage with all the interested parties. I am happy to
take the discussion elsewhere if there is a more appropriate forum.
--
Lars Kellogg-Stedman <lars redhat com> | larsks @ {freenode,twitter,github}
Cloud Engineering / OpenStack | http://blog.oddbit.com/
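The alternative sketched above (drop shell=True, tokenise the LABEL text with shlex.split, and spell environment references as {SOME_ENV_VAR} so they can be supplied to a formatting function) as a worked example. This is added illustration, not code from the thread or from the atomic project: the RUN_LABEL template, the env dictionary and the allow-list are constructed sample values. The one design choice worth noting is the order of operations: the template is split into argv tokens first and substitution is applied to each token afterwards, so a value containing spaces, quotes or ';' stays inside a single argument and can never add, remove or re-shape arguments.

```python
import shlex
import string
import subprocess

# Constructed sample LABEL text in the style the atomic tool reads from
# image metadata; the {VAR} fields replace the $VAR shell syntax.
RUN_LABEL = "docker run -d --name {NAME} -v {HOME}/data:/data {IMAGE}"


def check_template(template, allowed):
    """Refuse a template that references a variable outside the allow-list
    or uses positional/attribute field syntax ({0}, {X.attr}, {X[0]})."""
    for _, field, _, _ in string.Formatter().parse(template):
        if field is None:          # trailing literal text, nothing to check
            continue
        if not field.isidentifier() or field not in allowed:
            raise ValueError("disallowed substitution: %r" % (field,))


def render_argv(template, env):
    """Tokenise first, substitute second.

    shlex.split() applies POSIX quoting rules to the template only; the
    values in env are never re-tokenised, so a hostile value is inert.
    format_map() raises KeyError for a variable missing from env, which
    fails closed instead of silently passing '{VAR}' through."""
    return [token.format_map(env) for token in shlex.split(template)]


def run_label(template, env, allowed, dry_run=True):
    """Validate, render and (optionally) execute a LABEL command line
    without shell=True.  With dry_run=True the argv list is returned so
    the caller can inspect exactly what would be executed."""
    check_template(template, allowed)
    argv = render_argv(template, env)
    if dry_run:
        return argv
    return subprocess.run(argv, check=True)


if __name__ == "__main__":
    allowed = {"NAME", "HOME", "IMAGE"}
    env = {"NAME": "web", "HOME": "/home/lars", "IMAGE": "fedora:22"}
    print(run_label(RUN_LABEL, env, allowed))
    # Under shell=True this value would terminate the docker command and
    # start a second one; here it is just an odd container name.
    hostile = dict(env, NAME="web; echo injected")
    print(run_label(RUN_LABEL, hostile, allowed))
```

This only closes the argument-structure hole that shell=True opens; it does not change the larger point made above that letting image metadata choose the Docker command line is itself a trust decision.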