Revision 5f4bec2224d0c7a68ae682c4e8afb211dd2351e0 authored by Tom Payne on 01 February 2022, 15:58:59 UTC, committed by Jussi Mäki on 09 February 2022, 14:34:46 UTC
[ upstream commit 422d7fc95c7bdb5acf37094b47a2ed92cc245fd3 ] Cilium treats label patterns as regular expressions. The existing default labels, e.g. "!k8s.io", used a '.', which matches any character. This led to the default labels being too permissive in their matching and consequently labels like "k8sXo" being excluded from the identity, with consequent security implications. This commit properly escapes the regular expressions used in the default labels. Signed-off-by: Tom Payne <tom@isovalent.com> Signed-off-by: Jussi Maki <jussi@isovalent.com>
1 parent c8a5d8b
| File | Mode | Size |
|---|---|---|
| .github | ||
| .travis | ||
| Documentation | ||
| api | ||
| bpf | ||
| bugtool | ||
| cilium | ||
| cilium-health | ||
| clustermesh-apiserver | ||
| contrib | ||
| daemon | ||
| envoy | ||
| examples | ||
| hack | ||
| hubble-relay | ||
| images | ||
| install | ||
| jenkinsfiles | ||
| operator | ||
| pkg | ||
| plugins | ||
| proxylib | ||
| test | ||
| tests | ||
| tools | ||
| vendor | ||
| .authors.aux | -rw-r--r-- | 416 bytes |
| .dockerignore | -rw-r--r-- | 1.1 KB |
| .gitattributes | -rw-r--r-- | 236 bytes |
| .gitignore | -rw-r--r-- | 1.3 KB |
| .gitmodules | -rw-r--r-- | 0 bytes |
| .golangci.yaml | -rw-r--r-- | 3.2 KB |
| .mailmap | -rw-r--r-- | 3.6 KB |
| .travis.yml | -rw-r--r-- | 1.1 KB |
| AUTHORS | -rw-r--r-- | 16.9 KB |
| CHANGELOG.md | -rw-r--r-- | 148.1 KB |
| CODEOWNERS | -rw-r--r-- | 1.6 KB |
| CONTRIBUTING.md | -rw-r--r-- | 227 bytes |
| Dockerfile | -rw-r--r-- | 3.0 KB |
| Dockerfile.builder | -rw-r--r-- | 1.2 KB |
| FURTHER_READINGS.rst | -rw-r--r-- | 4.9 KB |
| GO_VERSION | -rw-r--r-- | 8 bytes |
| Jenkinsfile.nightly | l--------- | 32 bytes |
| LICENSE | -rw-r--r-- | 11.1 KB |
| MAINTAINERS.rst | -rw-r--r-- | 2.4 KB |
| Makefile | -rw-r--r-- | 23.0 KB |
| Makefile.buildkit | -rw-r--r-- | 4.1 KB |
| Makefile.defs | -rw-r--r-- | 5.6 KB |
| Makefile.docker | -rw-r--r-- | 9.6 KB |
| Makefile.quiet | -rw-r--r-- | 718 bytes |
| README.rst | -rw-r--r-- | 15.7 KB |
| SECURITY.md | -rw-r--r-- | 615 bytes |
| USERS.md | -rw-r--r-- | 6.1 KB |
| VERSION | -rw-r--r-- | 7 bytes |
| Vagrantfile | -rw-r--r-- | 12.6 KB |
| cilium-dev.Dockerfile | -rw-r--r-- | 1.4 KB |
| cilium-dev.Dockerfile.dockerignore | -rw-r--r-- | 931 bytes |
| cilium-docker-plugin.Dockerfile | -rw-r--r-- | 645 bytes |
| cilium-operator-aws.Dockerfile | -rw-r--r-- | 1.5 KB |
| cilium-operator-azure.Dockerfile | -rw-r--r-- | 1.5 KB |
| cilium-operator-generic.Dockerfile | -rw-r--r-- | 1.5 KB |
| cilium-operator.Dockerfile | -rw-r--r-- | 1.5 KB |
| clustermesh-apiserver.Dockerfile | -rw-r--r-- | 1.6 KB |
| docs.Jenkinsfile | l--------- | 29 bytes |
| flannel.Jenkinsfile | l--------- | 32 bytes |
| ginkgo-kubernetes-all.Jenkinsfile | l--------- | 46 bytes |
| ginkgo.Jenkinsfile | l--------- | 31 bytes |
| go.mod | -rw-r--r-- | 5.3 KB |
| go.sum | -rw-r--r-- | 103.0 KB |
| hubble-relay.Dockerfile | -rw-r--r-- | 1.4 KB |
| kubernetes-upstream.Jenkinsfile | l--------- | 44 bytes |
| netlify.toml | -rw-r--r-- | 92 bytes |
| vagrant_box_defaults.rb | -rw-r--r-- | 391 bytes |
Computing file changes ...
