On Tue, Apr 28, 2015 at 10:45:25AM -0400, Colin Walters wrote:
> > This isolates all the Docker operations
> > inside an "atomic.dockerapi" module
>
> This isn't exactly your fault but the pervasive use of shell=True
> without quoting arguments gives me the willies.

Yeah, me too, but I'm not sure there's a good alternative. What we get
back from the LABEL directives is a string, and we want to support
(well, I *think* we want to support) standard shell environment variable
substitution, etc.

If we impose limits on these things, we can break out, e.g.,
shlex.split() and dump shell=True. We could supply the environment as
additional arguments to the formatting function so that instead of
$SOME_ENV_VAR you would write {SOME_ENV_VAR}, etc... there are a variety
of tweaks that can be made in this area.

That said, I'm less concerned about shell=True than I would be in
general, because if you're permitting someone to run arbitrary Docker
command lines you have already handed over the keys to your system.

> So how do we move forward? Seems like we need to get the
> current /usr/bin/atomic contributors to agree on some of these
> changes and code direction?

Something like that, yup. I posted to this list hoping it would be a
good place to engage with all the interested parties. I am happy to take
the discussion elsewhere if there is a more appropriate forum.

--
Lars Kellogg-Stedman <lars redhat com> | larsks @ {freenode,twitter,github}
Cloud Engineering / OpenStack | http://blog.oddbit.com/
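A sketch of the `{SOME_ENV_VAR}` substitution plus `shlex.split()` approach raised in the reply above, added here as an illustration; it is not code from the atomic project or from anyone in this thread. The placeholder syntax, the function names and the sample LABEL string are all assumptions.

```python
import re
import shlex
import subprocess

# Only bare {NAME} tokens are recognised. str.format() is deliberately not
# used: its field syntax permits attribute and index access, which is not
# something to expose to a string that came out of an image LABEL.
PLACEHOLDER = re.compile(r"\{([A-Za-z_][A-Za-z0-9_]*)\}")


def naive_shell_line(template, values):
    """The shell=True pattern from the thread: values are pasted in
    unquoted and the whole line would go to /bin/sh. Built here only to
    show the contrast; it is never executed."""
    return PLACEHOLDER.sub(lambda m: str(values[m.group(1)]), template)


def render_argv(template, values):
    """Substitute {NAME} from an explicit mapping, quote each value so it
    stays one word, then shlex.split() so the result can be passed to
    subprocess with shell=False. $VARS in the template are NOT expanded."""
    def substitute(match):
        name = match.group(1)
        if name not in values:
            raise KeyError(f"LABEL references undefined placeholder {{{name}}}")
        return shlex.quote(str(values[name]))
    return shlex.split(PLACEHOLDER.sub(substitute, template))


def run_argv(argv):
    """Execute the argv list directly (no shell) and return its stdout."""
    result = subprocess.run(argv, check=True, capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    # Constructed sample: a RUN-style LABEL whose IMAGE value carries a
    # shell metacharacter (assumed format, not atomic's own).
    label = "docker run --rm --name {NAME} -e HOME=$HOME {IMAGE}"
    values = {"NAME": "web", "IMAGE": "fedora; echo injected"}
    print("shell=True would see :", naive_shell_line(label, values))
    print("shell=False argv     :", render_argv(label, values))
    print(run_argv(render_argv("echo {MSG}", {"MSG": "a; echo b"})), end="")
```

With `shell=False` the `;` in the substituted value is just part of one argument, and `$HOME` reaches the program literally, which is exactly the trade-off the reply describes.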