Merge pull request #452 from hqhq/hq_bindmount_whitelist

Add white list for bind mount check
Mrunal Patel 2016-01-06 11:16:10 -08:00
commit 4fda64bc07
1 changed files with 18 additions and 0 deletions


@ -299,6 +299,24 @@ func checkMountDestination(rootfs, dest string) error {
invalidDestinations := []string{ invalidDestinations := []string{
"/proc", "/proc",
} }
// White list, it should be sub directories of invalid destinations
validDestinations := []string{
// These entries can be bind mounted by files emulated by fuse,
// so commands like top, free displays stats in container.
"/proc/cpuinfo",
"/proc/diskstats",
"/proc/meminfo",
"/proc/stats",
}
for _, valid := range validDestinations {
path, err := filepath.Rel(filepath.Join(rootfs, valid), dest)
if err != nil {
return err
}
if path == "." {
return nil
}
}
for _, invalid := range invalidDestinations { for _, invalid := range invalidDestinations {
path, err := filepath.Rel(filepath.Join(rootfs, invalid), dest) path, err := filepath.Rel(filepath.Join(rootfs, invalid), dest)
if err != nil { if err != nil {
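Review bot: The whitelist entry `"/proc/stats"` looks like a typo, since the procfs file that `top` and similar tools read is `/proc/stat`; as written, a bind mount over `/proc/stat` would still be rejected by the `invalidDestinations` loop, so the entry should read `"/proc/stat",`. The whitelist loop returns `nil` on an exact match, which skips every later check in `checkMountDestination`, and the match is a purely lexical `filepath.Rel` comparison. It is therefore only as strong as the caller's symlink resolution of `dest` before the call; that call site is outside this hunk and worth confirming. The comment above the list says "sub directories" although the entries are files; `// Allow-list of individual files under an invalid destination that may be bind-mounted over.` would describe it better. The function body starts and ends outside the hunk.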