author | Daniel J Walsh <dwalsh@redhat.com> | 2018-08-10 14:46:59 -0400 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-08-10 21:18:19 +0000 |
commit | 92e9d7891e2d68b119936509e780f3a3d93d8780 (patch) | |
tree | 6ff6f8a39f51cb5e365704a48bde49e8265853d7 /libpod | |
parent | 8b2d38ee842775fe6bbd72c166eaaceec91c2a65 (diff) | |
We need to sort mounts so that one mount does not over mount another.
Currently we add mounts from images, volumes and internal.
We can accidentally over mount an existing mount. This patch sorts the mounts
to make sure a parent directory is always mounted before its content.
Had to change the default propagation on image volume mounts from shared
to private to stop mount points from leaking out of the container.
Also switched from using some docker/docker/pkg to container/storage/pkg
to remove some dependencies on Docker.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1243
Approved by: mheon
Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/container_api.go | 2 | ||||
-rw-r--r-- | libpod/container_internal.go | 7 | ||||
-rw-r--r-- | libpod/container_internal_linux.go | 6 | ||||
-rw-r--r-- | libpod/in_memory_state.go | 2 | ||||
-rw-r--r-- | libpod/info.go | 2 | ||||
-rw-r--r-- | libpod/pod_internal.go | 2 | ||||
-rw-r--r-- | libpod/util.go | 24 |
7 files changed, 37 insertions, 8 deletions
diff --git a/libpod/container_api.go b/libpod/container_api.go index 73fd96960..62281218f 100644 --- a/libpod/container_api.go +++ b/libpod/container_api.go @@ -8,8 +8,8 @@ import ( "strings" "time" + "github.com/containers/storage/pkg/stringid" "github.com/docker/docker/daemon/caps" - "github.com/docker/docker/pkg/stringid" "github.com/pkg/errors" "github.com/projectatomic/libpod/libpod/driver" "github.com/projectatomic/libpod/pkg/inspect" diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 7b5932541..535f34200 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -16,8 +16,8 @@ import ( "github.com/containers/storage" "github.com/containers/storage/pkg/archive" "github.com/containers/storage/pkg/chrootarchive" - "github.com/docker/docker/pkg/mount" - "github.com/docker/docker/pkg/stringid" + "github.com/containers/storage/pkg/mount" + "github.com/containers/storage/pkg/stringid" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" "github.com/opencontainers/selinux/go-selinux/label" @@ -829,7 +829,6 @@ func (c *Container) cleanupStorage() error { logrus.Debugf("Storage is already unmounted, skipping...") return nil } - for _, mount := range c.config.Mounts { if err := c.unmountSHM(mount); err != nil { return err @@ -1178,7 +1177,7 @@ func (c *Container) addLocalVolumes(ctx context.Context, g *generate.Generator) mount := spec.Mount{ Destination: k, Type: "bind", - Options: []string{"rbind", "rw"}, + Options: []string{"private", "bind", "rw"}, } if MountExists(g.Mounts(), k) { continue diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index e7e3b6ce9..59fb6af87 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go 
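Review bot: In the `addLocalVolumes` hunk the new option list replaces `rbind` with `bind` as well as adding `private`, while the commit message explains only the propagation change. With a non-recursive bind, mounts nested under the volume source would presumably no longer be carried into the container (the source is not visible in this hunk). If that is intended, a comment on the `Options` line would make it explicit, e.g. `// private: do not propagate mounts across the container boundary; bind rather than rbind: the volume source has no nested mounts`. If nested mounts must stay visible, `Options: []string{"rprivate", "rbind", "rw"},` keeps the recursion and still stops propagation. The function body starts and ends outside the hunk.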
@@ -248,6 +248,12 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { g.SetLinuxCgroupsPath(cgroupPath) } + // Mounts need to be sorted so paths will not cover other paths + mounts := sortMounts(g.Mounts()) + g.ClearMounts() + for _, m := range mounts { + g.AddMount(m) + } return g.Config, nil } diff --git a/libpod/in_memory_state.go b/libpod/in_memory_state.go index 8bdd0881c..0327b331e 100644 --- a/libpod/in_memory_state.go +++ b/libpod/in_memory_state.go @@ -3,7 +3,7 @@ package libpod import ( "strings" - "github.com/docker/docker/pkg/truncindex" + "github.com/containers/storage/pkg/truncindex" "github.com/pkg/errors" "github.com/projectatomic/libpod/pkg/registrar" ) diff --git a/libpod/info.go b/libpod/info.go index 5bb77f447..1108845ea 100644 --- a/libpod/info.go +++ b/libpod/info.go @@ -10,7 +10,7 @@ import ( "strings" "time" - "github.com/docker/docker/pkg/system" + "github.com/containers/storage/pkg/system" "github.com/pkg/errors" "github.com/projectatomic/libpod/utils" ) diff --git a/libpod/pod_internal.go b/libpod/pod_internal.go index 9102ae28a..c8d8405bb 100644 --- a/libpod/pod_internal.go +++ b/libpod/pod_internal.go @@ -7,7 +7,7 @@ import ( "time" "github.com/containers/storage" - "github.com/docker/docker/pkg/stringid" + "github.com/containers/storage/pkg/stringid" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) diff --git a/libpod/util.go b/libpod/util.go index 106dd4666..13235059f 100644 --- a/libpod/util.go +++ b/libpod/util.go @@ -4,6 +4,7 @@ import ( "fmt" "os" "path/filepath" + "sort" "strconv" "strings" "time" 
@@ -121,3 +122,26 @@ func WaitForFile(path string, timeout time.Duration) error {
 return errors.Wrapf(ErrInternal, "timed out waiting for file %s", path)
 }
 }
+
+type byDestination []spec.Mount
+
+func (m byDestination) Len() int {
+ return len(m)
+}
+
+func (m byDestination) Less(i, j int) bool {
+ return m.parts(i) < m.parts(j)
+}
+
+func (m byDestination) Swap(i, j int) {
+ m[i], m[j] = m[j], m[i]
+}
+
+func (m byDestination) parts(i int) int {
+ return strings.Count(filepath.Clean(m[i].Destination), string(os.PathSeparator))
+}
+
+func sortMounts(m []spec.Mount) []spec.Mount {
+ sort.Sort(byDestination(m))
+ return m
+}
 |
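Review bot: `byDestination.Less` compares only the separator count, so destinations of equal depth are ordered arbitrarily by `sort.Sort`, which is not stable. Two cases follow: `/` and `/a` both count one separator, so a mount on `/` is not guaranteed to precede its children, and two entries with the same `Destination` no longer keep their insertion order, which decides which one ends up on top. Breaking ties on the cleaned path, as below, and calling `sort.Stable(byDestination(m))` in `sortMounts` covers both. A doc comment on `sortMounts` should also state that it sorts the caller's slice in place and returns that same slice.

```go
func (m byDestination) Less(i, j int) bool {
	pi, pj := m.parts(i), m.parts(j)
	if pi != pj {
		return pi < pj
	}
	// Equal depth: order by cleaned path so "/" precedes "/a" and the
	// result does not depend on the sort algorithm.
	return filepath.Clean(m[i].Destination) < filepath.Clean(m[j].Destination)
}
```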