jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

linux: drop check for /proc as invalid dest 

it is now allowed to bind mount /proc.  This is useful for rootless
containers when the PID namespace is shared with the host.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano 2018-06-29 17:13:45 +02:00
parent ad0f525506
commit 636b664027
No known key found for this signature in database
GPG Key ID: E4730F97F60286ED
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libcontainer/rootfs_linux.go
View File

@ -413,7 +413,7 @@ func checkMountDestination(rootfs, dest string) error {
if err != nil {
return err
}
if path == "." || !strings.HasPrefix(path, "..") {
if path != "." && !strings.HasPrefix(path, "..") {
return fmt.Errorf("%q cannot be mounted because it is located inside %q", dest, invalid)
}
}

10
libcontainer/rootfs_linux_test.go
View File

@ -9,13 +9,21 @@ import (
)
func TestCheckMountDestOnProc(t *testing.T) {
dest := "/rootfs/proc/"
dest := "/rootfs/proc/sys"
err := checkMountDestination("/rootfs", dest)
if err == nil {
t.Fatal("destination inside proc should return an error")
}
}
func TestCheckMountDestOnProcChroot(t *testing.T) {
dest := "/rootfs/proc/"
err := checkMountDestination("/rootfs", dest)
if err != nil {
t.Fatal("destination inside proc when using chroot should not return an error")
}
}
func TestCheckMountDestInSys(t *testing.T) {
dest := "/rootfs//sys/fs/cgroup"
err := checkMountDestination("/rootfs", dest)