authorDaniel J Walsh <dwalsh@redhat.com>2018-08-10 14:46:59 -0400
committerAtomic Bot <atomic-devel@projectatomic.io>2018-08-10 21:18:19 +0000
commit92e9d7891e2d68b119936509e780f3a3d93d8780 (patch)
tree6ff6f8a39f51cb5e365704a48bde49e8265853d7 /libpod
parent8b2d38ee842775fe6bbd72c166eaaceec91c2a65 (diff)
downloadpodman-92e9d7891e2d68b119936509e780f3a3d93d8780.tar.gz
podman-92e9d7891e2d68b119936509e780f3a3d93d8780.tar.bz2
podman-92e9d7891e2d68b119936509e780f3a3d93d8780.zip
We need to sort mounts so that one mount does not over mount another.
Currently we add mounts from images, volumes and internal. We can accidentally over mount an existing mount. This patch sorts the mounts to make sure a parent directory is always mounted before its content. Had to change the default propagation on image volume mounts from shared to private to stop mount points from leaking out of the container. Also switched from using some docker/docker/pkg to container/storage/pkg to remove some dependencies on Docker. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1243 Approved by: mheon
Diffstat (limited to 'libpod')
-rw-r--r--libpod/container_api.go2
-rw-r--r--libpod/container_internal.go7
-rw-r--r--libpod/container_internal_linux.go6
-rw-r--r--libpod/in_memory_state.go2
-rw-r--r--libpod/info.go2
-rw-r--r--libpod/pod_internal.go2
-rw-r--r--libpod/util.go24
7 files changed, 37 insertions, 8 deletions
diff --git a/libpod/container_api.go b/libpod/container_api.go
index 73fd96960..62281218f 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -8,8 +8,8 @@ import (
"strings"
"time"
+ "github.com/containers/storage/pkg/stringid"
"github.com/docker/docker/daemon/caps"
- "github.com/docker/docker/pkg/stringid"
"github.com/pkg/errors"
"github.com/projectatomic/libpod/libpod/driver"
"github.com/projectatomic/libpod/pkg/inspect"
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 7b5932541..535f34200 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -16,8 +16,8 @@ import (
"github.com/containers/storage"
"github.com/containers/storage/pkg/archive"
"github.com/containers/storage/pkg/chrootarchive"
- "github.com/docker/docker/pkg/mount"
- "github.com/docker/docker/pkg/stringid"
+ "github.com/containers/storage/pkg/mount"
+ "github.com/containers/storage/pkg/stringid"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
"github.com/opencontainers/selinux/go-selinux/label"
@@ -829,7 +829,6 @@ func (c *Container) cleanupStorage() error {
logrus.Debugf("Storage is already unmounted, skipping...")
return nil
}
-
for _, mount := range c.config.Mounts {
if err := c.unmountSHM(mount); err != nil {
return err
@@ -1178,7 +1177,7 @@ func (c *Container) addLocalVolumes(ctx context.Context, g *generate.Generator)
mount := spec.Mount{
Destination: k,
Type: "bind",
- Options: []string{"rbind", "rw"},
+ Options: []string{"private", "bind", "rw"},
}
if MountExists(g.Mounts(), k) {
continue
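Review bot: The new option list in addLocalVolumes replaces `rbind` with `bind` as well as adding `private`, but the commit description only explains the propagation half. With a non-recursive bind, anything mounted beneath the volume's source directory is not carried into the container, so the container sees the underlying directory at that point instead. If that is intended, a comment above the literal would record it, for example `// private: keep mount events from propagating out of the container; bind (not rbind): submounts of the source are deliberately not carried in`. The function starts and ends outside this hunk.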
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index e7e3b6ce9..59fb6af87 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -248,6 +248,12 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
g.SetLinuxCgroupsPath(cgroupPath)
}
+ // Mounts need to be sorted so paths will not cover other paths
+ mounts := sortMounts(g.Mounts())
+ g.ClearMounts()
+ for _, m := range mounts {
+ g.AddMount(m)
+ }
return g.Config, nil
}
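Review bot: The comment on the sort block states neither the ordering rule nor that this has to be the last change made to the mount list. Any mount added to `g` after this point would bypass the ordering, so I would write `// Sort mounts by destination depth (parents first) so a later mount cannot cover an earlier one; this must stay the final change to g's mounts.` generateSpec begins outside this hunk.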
diff --git a/libpod/in_memory_state.go b/libpod/in_memory_state.go
index 8bdd0881c..0327b331e 100644
--- a/libpod/in_memory_state.go
+++ b/libpod/in_memory_state.go
@@ -3,7 +3,7 @@ package libpod
import (
"strings"
- "github.com/docker/docker/pkg/truncindex"
+ "github.com/containers/storage/pkg/truncindex"
"github.com/pkg/errors"
"github.com/projectatomic/libpod/pkg/registrar"
)
diff --git a/libpod/info.go b/libpod/info.go
index 5bb77f447..1108845ea 100644
--- a/libpod/info.go
+++ b/libpod/info.go
@@ -10,7 +10,7 @@ import (
"strings"
"time"
- "github.com/docker/docker/pkg/system"
+ "github.com/containers/storage/pkg/system"
"github.com/pkg/errors"
"github.com/projectatomic/libpod/utils"
)
diff --git a/libpod/pod_internal.go b/libpod/pod_internal.go
index 9102ae28a..c8d8405bb 100644
--- a/libpod/pod_internal.go
+++ b/libpod/pod_internal.go
@@ -7,7 +7,7 @@ import (
"time"
"github.com/containers/storage"
- "github.com/docker/docker/pkg/stringid"
+ "github.com/containers/storage/pkg/stringid"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
diff --git a/libpod/util.go b/libpod/util.go
index 106dd4666..13235059f 100644
--- a/libpod/util.go
+++ b/libpod/util.go
@@ -4,6 +4,7 @@ import (
"fmt"
"os"
"path/filepath"
+ "sort"
"strconv"
"strings"
"time"
@@ -121,3 +122,26 @@ func WaitForFile(path string, timeout time.Duration) error {
return errors.Wrapf(ErrInternal, "timed out waiting for file %s", path)
}
}
+
+type byDestination []spec.Mount
+
+func (m byDestination) Len() int {
+ return len(m)
+}
+
+func (m byDestination) Less(i, j int) bool {
+ return m.parts(i) < m.parts(j)
+}
+
+func (m byDestination) Swap(i, j int) {
+ m[i], m[j] = m[j], m[i]
+}
+
+func (m byDestination) parts(i int) int {
+ return strings.Count(filepath.Clean(m[i].Destination), string(os.PathSeparator))
+}
+
+func sortMounts(m []spec.Mount) []spec.Mount {
+ sort.Sort(byDestination(m))
+ return m
+}
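Review bot: `sortMounts` uses `sort.Sort`, which is not stable, while `Less` compares only the number of path separators, so mounts whose destinations have equal depth can come out in a different relative order than they were added. That matters for two entries with the same destination, where this code does not guarantee which one ends up on top, and for a destination of `/`, which `filepath.Clean` leaves as `/` and which therefore ties with `/proc` instead of sorting first. `sort.Stable(byDestination(m))` keeps insertion order among ties, and a tie-break on the cleaned destination string would make the result fully deterministic. The sort also reorders the caller's slice in place, which deserves a doc comment on `sortMounts`, since the call in generateSpec passes `g.Mounts()` directly.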