update volume name regex

Disallow creating a volume starting with a /.

Signed-off-by: Jessica Frazelle <acidburn@docker.com>

utils/names.go

@@ -7,3 +7,6 @@ const RestrictedNameChars = `[a-zA-Z0-9][a-zA-Z0-9_.-]`
 
 // RestrictedNamePattern is a regular expression to validate names against the collection of restricted characters.
 var RestrictedNamePattern = regexp.MustCompile(`^/?` + RestrictedNameChars + `+$`)
+
+// RestrictedVolumeNamePattern is a regular expression to validate volume names against the collection of restricted characters.
+var RestrictedVolumeNamePattern = regexp.MustCompile(`^` + RestrictedNameChars + `+$`)

volume/local/local.go

@@ -31,7 +31,7 @@ var (
 	// volumeNameRegex ensures the name assigned for the volume is valid.
 	// This name is used to create the bind directory, so we need to avoid characters that
 	// would make the path to escape the root directory.
-	volumeNameRegex = utils.RestrictedNamePattern
+	volumeNameRegex = utils.RestrictedVolumeNamePattern
 )
 
 // New instantiates a new Root instance with the provided scope. Scope

volume/local/local_test.go

@@ -124,3 +124,24 @@ func TestCreate(t *testing.T) {
 		}
 	}
 }
+
+func TestValidateName(t *testing.T) {
+	r := &Root{}
+	names := map[string]bool{
+		"/testvol":    false,
+		"thing.d":     true,
+		"hello-world": true,
+		"./hello":     false,
+		".hello":      false,
+	}
+
+	for vol, expected := range names {
+		err := r.validateName(vol)
+		if expected && err != nil {
+			t.Fatalf("expected %s to be valid got %v", vol, err)
+		}
+		if !expected && err == nil {
+			t.Fatalf("expected %s to be invalid", vol)
+		}
+	}
+}