Unable to use "mount all" when a container exists with a $ sign in the name (like "$web")

[angrygreenfrogs]

We have a storage account that has a container named "$web" within it.

I believe this is very simply an issue where something is probably catching "$web" and interpreting it as a variable rather than being properly escaped.

Configuration

vi /etc/blobfuse2/config.yaml
#
# Refer ./setup/baseConfig.yaml for full set of config parameters
logging:
  type: syslog
  level: log_debug

components:
  - libfuse
  - file_cache
  - attr_cache
  - azstorage

libfuse:
  attribute-expiration-sec: 120
  entry-expiration-sec: 120
  negative-entry-expiration-sec: 240

file_cache:
  path: /mnt/blobfuse2tmp
  timeout-sec: 120
  max-size-mb: 4096

attr_cache:
  timeout-sec: 7200

azstorage:
  type: block
  account-name: MYACCOUNT
  sas: MYSAS
  mode: sas
#  

Test commands

mkdir ./test
blobfuse2 mount all ./test --read-only=true --config-file=/etc/blobfuse2/config.yaml

Result

Mounting container : $web to path  test/$web
Failed to mount container $web : Error: invalid config file [open /root/.blobfuse2/config_.yaml: no such file or directory]

If you look in /root/.blobfuse2, you'll see these files:

total 20
drwxr-xr-x  2 root root 4096 Feb 13 01:47  ./
drwx------ 18 root root 4096 Feb 13 01:44  ../
-rw-r--r--  1 root root    4 Feb 13 01:47  _home_admin_k_inventory.pid
-rw-r--r--  1 root root  654 Feb 13 01:47 'config_$web.yaml'
-rw-r--r--  1 root root  669 Feb 13 01:47  config_inventory.yaml

The other container "inventory" mounts successfully.

As you can see above, blobfuse2 is complaining about "/root/.blobfuse2/config_.yaml" not existing, but there is a file called 'config_$web.yaml', so I bet $web is not being escaped in some internal command and results in a blank value being used.

[jainakanksha-msft]

@angrygreenfrogs, in blobfuse mount command, the config file name can be provided as a variable, and blobfuse resolve that variable first before running the command.
This is what's happening in your case.
$web is being considered a variable, which is being replaced by an empty value.
Are there any specific use case for using special character in your container name?

[angrygreenfrogs]

Thanks for the reply!

Apologies, but I don't believe that's entirely accurate.... I'm with you that the problem in my case is that my "$web" container is being incorrectly interpreted as a variable (which is blank in the environment), but I still believe this is a bug.

I've even found that I can work-around this issue in a hacky way by exporting a variable with that name, which tricks the executed shell command into working

web='$web'
export web
blobfuse2 mount all ./test --read-only=true --config-file=/etc/blobfuse2/config.yaml

I've never really done much with Go, but I suspect the problem is inside mountAllContainers(), which calls updateCliParams() to process CLI parameters that are called with exec.Command to execute the individual mount commands.

I believe this is simply a lack of escaping the parameters correctly - effectively allowing a shell injection issue.

It's not uncommon to have container names like $web - that's the default container name used by Azure for serving static web content from a storage container (which is what our container is being used for).

For example: https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-static-website

[jainakanksha-msft]

This failure not only comes with mountall command.
Even the command blobfuse2 mount ./test --read-only=true --config-file=/home/abc/.blobfuse2/config_$web.yaml also fails.
Reason being we resolve all the variables while evaluating the value of config_file.

[vibhansa-msft]

in case of mount all you have an option to exclude certain containers from mounting, did you try using that ?

[vibhansa-msft]

Did above suggestion help you in resolving the issue ? If so, kindly close this item here. If there are no updates for next couple of days we will close this item from our end,

[angrygreenfrogs]

Hi @vibhansa-msft - Thanks for checking, however, no that doesn't actually solve the problem/bug.

We could exclude containers like $web from being mounted, but we actually want those containers to be mounted for our use case, so that work-around doesn't really help.

Again, this seems like a legitimate bug where any container with a dollar sign in the name won't be handled correctly.

If it can't be fixed, then we'll just do our best with other work-arounds for now.

[vibhansa-msft]

I am able to mount "$web" independently (not using mount all). Let me validate if there is an issue specifically with mount all command or not.

[vibhansa-msft]

I see the issue is only when the config file name includes "$" in the path and shell or blobfuse tries to resolve that assuming its an env variable.