[pve-devel] [PATCH container] oci restore: allow tabs in oci config

Tue Nov 18 12:02:58 CET 2025

it is fairly common to use tabs in oci configs. for example, the php
oci image from docker uses them quite extensively [1]. so exclude them
from the control characters we check for.

[1]:
https://github.com/docker-library/php/blob/8e01ffe94ed4ccca7c0a37be6dcb45995cf5d93b/8.3/trixie/apache/Dockerfile#L20

Signed-off-by: Shannon Sterz <s.sterz at proxmox.com>
---
noticed this while trying to set up a nextcloud image from docker hub
[2]. we might want toe rename the helper here now though, as we don't
check for *all* control characters anymore.

[2]: https://hub.docker.com/layers/library/nextcloud/stable/images/sha256-53a2c0408d18831a526a5587f621090e6a8125209912a909e67b7e48a3140f2f

 src/PVE/LXC/Create.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/PVE/LXC/Create.pm b/src/PVE/LXC/Create.pm
index 2382118..38af76d 100644
--- a/src/PVE/LXC/Create.pm
+++ b/src/PVE/LXC/Create.pm
@@ -682,7 +682,7 @@ sub restore_oci_archive {
     );

     # should we rather validate this on the rust side already?
-    my $has_ctrl_char = sub { return $_[0] =~ /[\x00-\x1F\x7F]/; };
+    my $has_ctrl_char = sub { return $_[0] =~ /[\x00-\x08\x10-\x1F\x7F]/; };
     my $oci_config_get_checked_scalar = sub {
         my ($key) = @_;
         my $value = $unsafe_oci_config->{$key} // return;
--
2.47.3



