* [pve-devel] [PATCH container] oci restore: allow tabs in oci config
@ 2025-11-18 11:02 Shannon Sterz
2025-11-18 12:19 ` [pve-devel] applied: " Thomas Lamprecht
0 siblings, 1 reply; 2+ messages in thread
From: Shannon Sterz @ 2025-11-18 11:02 UTC (permalink / raw)
To: pve-devel
it is fairly common to use tabs in oci configs. for example, the php
oci image from docker uses them quite extensively [1]. so exclude them
from the control characters we check for.
[1]:
https://github.com/docker-library/php/blob/8e01ffe94ed4ccca7c0a37be6dcb45995cf5d93b/8.3/trixie/apache/Dockerfile#L20
Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
noticed this while trying to set up a nextcloud image from docker hub
[2]. we might want toe rename the helper here now though, as we don't
check for *all* control characters anymore.
[2]: https://hub.docker.com/layers/library/nextcloud/stable/images/sha256-53a2c0408d18831a526a5587f621090e6a8125209912a909e67b7e48a3140f2f
src/PVE/LXC/Create.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PVE/LXC/Create.pm b/src/PVE/LXC/Create.pm
index 2382118..38af76d 100644
--- a/src/PVE/LXC/Create.pm
+++ b/src/PVE/LXC/Create.pm
@@ -682,7 +682,7 @@ sub restore_oci_archive {
);
# should we rather validate this on the rust side already?
- my $has_ctrl_char = sub { return $_[0] =~ /[\x00-\x1F\x7F]/; };
+ my $has_ctrl_char = sub { return $_[0] =~ /[\x00-\x08\x10-\x1F\x7F]/; };
my $oci_config_get_checked_scalar = sub {
my ($key) = @_;
my $value = $unsafe_oci_config->{$key} // return;
--
2.47.3
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
* [pve-devel] applied: [PATCH container] oci restore: allow tabs in oci config
2025-11-18 11:02 [pve-devel] [PATCH container] oci restore: allow tabs in oci config Shannon Sterz
@ 2025-11-18 12:19 ` Thomas Lamprecht
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Lamprecht @ 2025-11-18 12:19 UTC (permalink / raw)
To: pve-devel, Shannon Sterz
On Tue, 18 Nov 2025 12:02:58 +0100, Shannon Sterz wrote:
> it is fairly common to use tabs in oci configs. for example, the php
> oci image from docker uses them quite extensively [1]. so exclude them
> from the control characters we check for.
>
> [1]:
> https://github.com/docker-library/php/blob/8e01ffe94ed4ccca7c0a37be6dcb45995cf5d93b/8.3/trixie/apache/Dockerfile#L20
>
> [...]
Applied, thanks!
I also adapted the config schema for env an entrypoint in a follow-up to allow
tabs in the values there too.
[1/1] oci restore: allow tabs in oci config
commit: f7b2a27ef94c0b382d35c9e03ed64884b8460017
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-11-18 12:20 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-11-18 11:02 [pve-devel] [PATCH container] oci restore: allow tabs in oci config Shannon Sterz
2025-11-18 12:19 ` [pve-devel] applied: " Thomas Lamprecht
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox