jasder/runc - runc - 军科开源项目托管

Commit Graph

Author	SHA1	Message	Date
Michael Crosby	02e6427ecf	Do not prevent mounts in /sys Mounts in /sys like /sys/fs/cgroup are valid and should be allowed at the libcontainer level. Signed-off-by: Michael Crosby <crosbymichael@gmail.com>	2015-05-08 10:47:51 -07:00
Michael Crosby	e3e7c47123	Prohibit bind mounts into / Signed-off-by: Michael Crosby <crosbymichael@gmail.com>	2015-05-07 14:38:44 -07:00
Michael Crosby	3c25c9b9cf	Eval mount destination after each mount User specified mounts much be evaluated after each mount because symlinks in nested mounts can invalidate the next mount. Also check that any bind mounts are not inside /proc or /sys to ensure that we are able to mask over certian paths inside. Signed-off-by: Michael Crosby <crosbymichael@gmail.com>	2015-05-07 14:38:44 -07:00

Author

SHA1

Message

Date

Michael Crosby

02e6427ecf

Do not prevent mounts in /sys

Mounts in /sys like /sys/fs/cgroup are valid and should be allowed at
the libcontainer level.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

2015-05-08 10:47:51 -07:00

Michael Crosby

e3e7c47123

Prohibit bind mounts into /

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

2015-05-07 14:38:44 -07:00

Michael Crosby

3c25c9b9cf

Eval mount destination after each mount

User specified mounts much be evaluated after each mount because
symlinks in nested mounts can invalidate the next mount.

Also check that any bind mounts are not inside /proc or /sys to ensure
that we are able to mask over certian paths inside.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

2015-05-07 14:38:44 -07:00

3 Commits