From 0f1d6772c69f0be56bc943f1e67979c3045bde0f Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 26 Apr 2016 00:15:17 +1000 Subject: [PATCH] libcontainer: rootfs: use CleanPath when comparing paths Comparisons with paths aren't really a good idea unless you're guaranteed that the comparison will work will all paths that resolve to the same lexical path as the compared path. Signed-off-by: Aleksa Sarai --- libcontainer/rootfs_linux.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go index fe1db75e..568dbf06 100644 --- a/libcontainer/rootfs_linux.go +++ b/libcontainer/rootfs_linux.go @@ -28,7 +28,7 @@ const defaultMountFlags = syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NOD // needsSetupDev returns true if /dev needs to be set up. func needsSetupDev(config *configs.Config) bool { for _, m := range config.Mounts { - if m.Device == "bind" && (m.Destination == "/dev" || m.Destination == "/dev/") { + if m.Device == "bind" && libcontainerUtils.CleanPath(m.Destination) == "/dev" { return false } } @@ -95,7 +95,7 @@ func setupRootfs(config *configs.Config, console *linuxConsole, pipe io.ReadWrit } // remount dev as ro if specifed for _, m := range config.Mounts { - if m.Destination == "/dev" { + if libcontainerUtils.CleanPath(m.Destination) == "/dev" { if m.Flags&syscall.MS_RDONLY != 0 { if err := remountReadonly(m.Destination); err != nil { return newSystemErrorWithCausef(err, "remounting %q as readonly", m.Destination) @@ -713,7 +713,7 @@ func mountPropagate(m *configs.Mount, rootfs string, mountLabel string) error { data = label.FormatMountLabel(m.Data, mountLabel) flags = m.Flags ) - if dest == "/dev" { + if libcontainerUtils.CleanPath(dest) == "/dev" { flags &= ^syscall.MS_RDONLY } if !strings.HasPrefix(dest, rootfs) {