Skip to content

Naming a task alloc is bad but allowed #26999

New issue
New issue
Closed
#27001
Closed
Naming a task alloc is bad but allowed#26999
#27001
Assignees
jrasell
Labels
hcc/jirastage/acceptedConfirmed, and intend to work on. No timeline committment though.theme/clienttheme/securitytype/bug
@michaz

Description

@michaz
michaz
opened on Oct 28, 2025

Nomad does not validate task names against alloc as a reserved directory name, which breaks filesystem isolation between tasks.

The Allocation Working Directory looks like this:

  /
    task1/          
    task2/         
    alloc/

Now if I choose to name a task alloc, everything gets messed up in exactly the expected way, which is that alloc the task directory and alloc the shared directory are the same, and task1 and task2 can read/write that task's stuff. I tried this.

Calling this a security issue would be a stretch because it does require much deliberate effort by the operator to make happen, but it doesn't seem quite right either, since it is an actual broken promise about file system isolation.

Maybe alloc should simply not be a permitted name for a task?

Metadata

Metadata

Assignees

Labels

hcc/jirastage/acceptedConfirmed, and intend to work on. No timeline committment though.theme/clienttheme/securitytype/bug

Type

No type

Projects

Nomad - Community Issues Triage

Status

Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions