diff options
| author | Valentin Rothberg <rothberg@redhat.com> | 2021-10-27 17:30:37 +0200 |
|---|---|---|
| committer | Valentin Rothberg <rothberg@redhat.com> | 2021-11-08 10:17:06 +0100 |
| commit | 9e78185e372b170922dfdad80cede6b351750bb0 (patch) | |
| tree | 709651a3b890a52fe9ff4ebcdfec16b20395a9a5 | |
| parent | 75023e94823d62856aa81bfee605a67907d91438 (diff) | |
| download | podman-9e78185e372b170922dfdad80cede6b351750bb0.tar.gz podman-9e78185e372b170922dfdad80cede6b351750bb0.tar.bz2 podman-9e78185e372b170922dfdad80cede6b351750bb0.zip | |
volumes: be more tolerant and fix infinite loop
Make Podman more tolerant when parsing image volumes during container
creation and further fix an infinite loop when checking them.
Consider `VOLUME ['/etc/foo', '/etc/bar']` in a Containerfile. While
it looks correct to the human eye, the single quotes are wrong and yield
the two volumes to be `[/etc/foo,` and `/etc/bar]` in Podman and Docker.
When running the container, it'll create a directory `bar]` in `/etc`
and a directory `[` in `/` with two subdirectories `etc/foo,`. This
behavior is surprising to me but how Docker behaves. We may improve on
that in the future. Note that the correct way to syntax for volumes in
a Containerfile is `VOLUME /A /B /C` or `VOLUME ["/A", "/B", "/C"]`;
single quotes are not supported.
This change restores this behavior without breaking container creation
or ending up in an infinite loop.
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2014149
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| -rw-r--r-- | libpod/container_path_resolution.go | 2 | ||||
| -rw-r--r-- | pkg/specgen/generate/storage.go | 3 | ||||
| -rw-r--r-- | test/system/070-build.bats | 9 |
3 files changed, 10 insertions, 4 deletions
diff --git a/libpod/container_path_resolution.go b/libpod/container_path_resolution.go index bb2ef1a73..7db23b783 100644 --- a/libpod/container_path_resolution.go +++ b/libpod/container_path_resolution.go @@ -161,7 +161,7 @@ func isPathOnBindMount(c *Container, containerPath string) bool { if cleanedContainerPath == filepath.Clean(m.Destination) { return true } - for dest := m.Destination; dest != "/"; dest = filepath.Dir(dest) { + for dest := m.Destination; dest != "/" && dest != "."; dest = filepath.Dir(dest) { if cleanedContainerPath == dest { return true } diff --git a/pkg/specgen/generate/storage.go b/pkg/specgen/generate/storage.go index de655ad7d..0218dce6a 100644 --- a/pkg/specgen/generate/storage.go +++ b/pkg/specgen/generate/storage.go @@ -214,9 +214,6 @@ func getImageVolumes(ctx context.Context, img *libimage.Image, s *specgen.SpecGe } for volume := range inspect.Config.Volumes { logrus.Debugf("Image has volume at %q", volume) - if err = parse.ValidateVolumeCtrDir(volume); err != nil { - return nil, nil, err - } cleanDest := filepath.Clean(volume) switch mode { case "", "anonymous": diff --git a/test/system/070-build.bats b/test/system/070-build.bats index 4e89e299a..44387d4fd 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats @@ -39,6 +39,7 @@ EOF cat >$dockerfile <<EOF FROM $IMAGE RUN echo $rand_content > /$rand_filename +VOLUME ['/etc/foo', '/etc/bar'] EOF run_podman buildx build --load -t build_test --format=docker $tmpdir @@ -47,6 +48,14 @@ EOF run_podman run --rm build_test cat /$rand_filename is "$output" "$rand_content" "reading generated file in image" + # Make sure the volumes are created at surprising yet Docker-compatible + # destinations (see bugzilla.redhat.com/show_bug.cgi?id=2014149). + run_podman run --rm build_test find /[ /etc/bar\] -print + is "$output" "/\[ +/\[/etc +/\[/etc/foo, +/etc/bar]" "weird VOLUME gets converted to directories with brackets and comma" + run_podman rmi -f build_test } |