Merge pull request #1702 from crosbymichael/chroot

chroot when no mount namespaces is provided
Mrunal Patel 2018-02-07 10:09:35 -08:00 committed by GitHub
commit 6e15bc3f92
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 8 deletions


@ -100,8 +100,10 @@ func prepareRootfs(pipe io.ReadWriter, iConfig *initConfig) (err error) {
if config.NoPivotRoot { if config.NoPivotRoot {
err = msMoveRoot(config.Rootfs) err = msMoveRoot(config.Rootfs)
} else { } else if config.Namespaces.Contains(configs.NEWNS) {
err = pivotRoot(config.Rootfs) err = pivotRoot(config.Rootfs)
} else {
err = chroot(config.Rootfs)
} }
if err != nil { if err != nil {
return newSystemErrorWithCause(err, "jailing process inside rootfs") return newSystemErrorWithCause(err, "jailing process inside rootfs")
@ -702,6 +704,10 @@ func msMoveRoot(rootfs string) error {
if err := unix.Mount(rootfs, "/", "", unix.MS_MOVE, ""); err != nil { if err := unix.Mount(rootfs, "/", "", unix.MS_MOVE, ""); err != nil {
return err return err
} }
return chroot(rootfs)
}
func chroot(rootfs string) error {
if err := unix.Chroot("."); err != nil { if err := unix.Chroot("."); err != nil {
return err return err
} }
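Review bot: The new `else` branch in prepareRootfs falls back to `chroot(config.Rootfs)` whenever the config has no NEWNS namespace, and nothing there tells a reader that this is weaker confinement than `pivotRoot`: the old root is never unmounted, and a process that keeps CAP_SYS_CHROOT can generally leave a chroot. I would add a comment on that branch, e.g. `// No mount namespace: chroot only changes path resolution and is not an isolation boundary against a privileged process.` The new `chroot` helper also accepts `rootfs`, but the visible lines call `unix.Chroot(".")`, so it depends on the working directory already being the rootfs. A doc comment such as `// chroot changes root to the current directory; the caller must already have chdir'd into rootfs.` would state that precondition, since the chdir is not visible in these hunks. Both prepareRootfs and chroot continue outside the hunks shown.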


@ -65,14 +65,9 @@ func (l *linuxStandardInit) Init() error {
} }
label.Init() label.Init()
// prepareRootfs() can be executed only for a new mount namespace.
if l.config.Config.Namespaces.Contains(configs.NEWNS) {
if err := prepareRootfs(l.pipe, l.config); err != nil { if err := prepareRootfs(l.pipe, l.config); err != nil {
return err return err
} }
}
// Set up the console. This has to be done *before* we finalize the rootfs, // Set up the console. This has to be done *before* we finalize the rootfs,
// but *after* we've given the user the chance to set up all of the mounts // but *after* we've given the user the chance to set up all of the mounts
// they wanted. // they wanted.