From 92e9d7891e2d68b119936509e780f3a3d93d8780 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Fri, 10 Aug 2018 14:46:59 -0400
Subject: We need to sort mounts so that one mount does not over mount another. Currently we add mounts from images, volumes and internal. We can accidently over mount an existing mount. This patch sorts the mounts to make sure a parent directory is always mounted before its content. Had to change the default propagation on image volume mounts from shared to private to stop mount points from leaking out of the container. Also switched from using some docker/docker/pkg to container/storage/pkg to remove some dependencies on Docker.
Signed-off-by: Daniel J Walsh
Closes: #1243
Approved by: mheon
---
 libpod/container_api.go | 2 +-
 libpod/container_internal.go | 7 +++----
 libpod/container_internal_linux.go | 6 ++++++
 libpod/in_memory_state.go | 2 +-
 libpod/info.go | 2 +-
 libpod/pod_internal.go | 2 +-
 libpod/util.go | 24 ++++++++++++++++++++++++
 7 files changed, 37 insertions(+), 8 deletions(-)
(limited to 'libpod')
diff --git a/libpod/container_api.go b/libpod/container_api.go
index 73fd96960..62281218f 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -8,8 +8,8 @@ import (
 "strings"
 "time"
+ "github.com/containers/storage/pkg/stringid"
 "github.com/docker/docker/daemon/caps"
- "github.com/docker/docker/pkg/stringid"
 "github.com/pkg/errors"
 "github.com/projectatomic/libpod/libpod/driver"
 "github.com/projectatomic/libpod/pkg/inspect"
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 7b5932541..535f34200 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -16,8 +16,8 @@ import (
 "github.com/containers/storage"
 "github.com/containers/storage/pkg/archive"
 "github.com/containers/storage/pkg/chrootarchive"
- "github.com/docker/docker/pkg/mount"
- "github.com/docker/docker/pkg/stringid"
+ "github.com/containers/storage/pkg/mount"
+ "github.com/containers/storage/pkg/stringid"
 spec "github.com/opencontainers/runtime-spec/specs-go"
 "github.com/opencontainers/runtime-tools/generate"
 "github.com/opencontainers/selinux/go-selinux/label"
@@ -829,7 +829,6 @@ func (c *Container) cleanupStorage() error {
 logrus.Debugf("Storage is already unmounted, skipping...")
 return nil
 }
-
 for _, mount := range c.config.Mounts {
 if err := c.unmountSHM(mount); err != nil {
 return err
@@ -1178,7 +1177,7 @@ func (c *Container) addLocalVolumes(ctx context.Context, g *generate.Generator)
 mount := spec.Mount{
 Destination: k,
 Type: "bind",
- Options: []string{"rbind", "rw"},
+ Options: []string{"private", "bind", "rw"},
 }
 if MountExists(g.Mounts(), k) {
 continue
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index e7e3b6ce9..59fb6af87 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -248,6 +248,12 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 g.SetLinuxCgroupsPath(cgroupPath)
 }
+ // Mounts need to be sorted so paths will not cover other paths
+ mounts := sortMounts(g.Mounts())
+ g.ClearMounts()
+ for _, m := range mounts {
+ g.AddMount(m)
+ }
 return g.Config, nil
 }
diff --git a/libpod/in_memory_state.go b/libpod/in_memory_state.go
index 8bdd0881c..0327b331e 100644
--- a/libpod/in_memory_state.go
+++ b/libpod/in_memory_state.go
@@ -3,7 +3,7 @@ package libpod
 import (
 "strings"
- "github.com/docker/docker/pkg/truncindex"
+ "github.com/containers/storage/pkg/truncindex"
 "github.com/pkg/errors"
 "github.com/projectatomic/libpod/pkg/registrar"
 )
diff --git a/libpod/info.go b/libpod/info.go
index 5bb77f447..1108845ea 100644
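Review bot: The new option list in the addLocalVolumes hunk changes two things at once, and the commit description accounts for only one of them: `private` is the propagation change it describes, but `rbind` has also become `bind`, which makes the image-volume bind non-recursive. If that is intended, a comment on the line would keep a later edit from restoring `rbind` while leaving the non-recursive `private` in place, e.g. `// private + non-recursive bind: mount events under this volume must not propagate out of the container`. The volume also stays `rw` with no `nosuid`/`nodev` options; whether that is acceptable depends on the mount source, which is set outside the hunk, so it is worth confirming rather than changing blindly. addLocalVolumes starts and ends outside the hunk.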
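Review bot: The sort added at the end of generateSpec orders only the mounts that are in the generator at that moment, so the parent-before-child guarantee depends on this block staying the last thing that touches mounts before `return g.Config, nil`. The existing comment does not say that; I would reword it to `// Sort mounts parent-before-child so a later mount cannot hide an earlier one; keep this as the last mount change before returning the spec.` generateSpec begins outside the hunk, so any mount handling after the caller receives the spec is not visible here and would bypass the ordering.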
--- a/libpod/info.go
+++ b/libpod/info.go
@@ -10,7 +10,7 @@ import (
 "strings"
 "time"
- "github.com/docker/docker/pkg/system"
+ "github.com/containers/storage/pkg/system"
 "github.com/pkg/errors"
 "github.com/projectatomic/libpod/utils"
 )
diff --git a/libpod/pod_internal.go b/libpod/pod_internal.go
index 9102ae28a..c8d8405bb 100644
--- a/libpod/pod_internal.go
+++ b/libpod/pod_internal.go
@@ -7,7 +7,7 @@ import (
 "time"
 "github.com/containers/storage"
- "github.com/docker/docker/pkg/stringid"
+ "github.com/containers/storage/pkg/stringid"
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
 )
diff --git a/libpod/util.go b/libpod/util.go
index 106dd4666..13235059f 100644
--- a/libpod/util.go
+++ b/libpod/util.go
@@ -4,6 +4,7 @@ import (
 "fmt"
 "os"
 "path/filepath"
+ "sort"
 "strconv"
 "strings"
 "time"
@@ -121,3 +122,26 @@ func WaitForFile(path string, timeout time.Duration) error {
 return errors.Wrapf(ErrInternal, "timed out waiting for file %s", path)
 }
 }
+
+type byDestination []spec.Mount
+
+func (m byDestination) Len() int {
+ return len(m)
+}
+
+func (m byDestination) Less(i, j int) bool {
+ return m.parts(i) < m.parts(j)
+}
+
+func (m byDestination) Swap(i, j int) {
+ m[i], m[j] = m[j], m[i]
+}
+
+func (m byDestination) parts(i int) int {
+ return strings.Count(filepath.Clean(m[i].Destination), string(os.PathSeparator))
+}
+
+func sortMounts(m []spec.Mount) []spec.Mount {
+ sort.Sort(byDestination(m))
+ return m
+}
-- cgit v1.2.3-54-g00ecf
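Review bot: `Less` in byDestination compares only the number of path separators, so mounts of equal depth have no defined order, and `sort.Sort` is not stable: two entries with the same Destination can swap places between what the caller added and what the runtime receives, which changes which one ends up on top. `sort.Stable(byDestination(m))` keeps insertion order for ties. Separately, `filepath.Clean("/")` is `/`, which counts one separator just like `/dev`, so a mount whose destination is the root is not guaranteed to sort ahead of its children; `parts` could return 0 for that case. sortMounts also sorts the caller's slice in place while returning it, which a one-line doc comment such as `// sortMounts orders m in place, parents before children, and returns it.` should state.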