Reid Priedhorsky

If it helps, I could enumerate all the link stuff Charliecloud does when unpacking images. E.g. I know we disallow symlinks that climb outside the image, and I know we...

> disallow [relative] symlinks that climb outside the image FWIW the reasoning here is: 1. Charliecloud stores images as unpacked directories, and symlinks shouldn't point outside the image even when...

> I'm not sure it's fair to say that they don't make sense -- Unix's behaviour when dealing with `../../../` symlinks in `/` is very well-defined. Well, “well-defined” and “makes...

Regarding link validation in Charliecloud, this is what I found. To be clear we have not been pursuing OCI compliance, though it would be a nice bonus if we can...

> look at the document posted above Yes, I'll look now.

I should mention I'm by no means an expert here — I just know symlinks have a number of subtleties and have frequently led to security problems, and the Charliecloud...

> it looks like Charliecloud will allow hard links given that they are pointing inside the top level (does that mean the top layer)? “Top level” here means the container...

It's worth pointing out that most registries already do this. I've only encountered one that didn't, though I forget which one.

I guess I'd prefer an argument based on what we actually want to do, rather than a bare reference to the standards. For example, a few minutes on Google suggests...

> I see it is using ubuntu 22.04. I do know that Charliecloud had (or has) an issue with that version, @reidpr can give context and insight on whether it...