libcontainer: Ensure bind mount target files are inside rootfs
Before we create any files to bind-mount on, make sure they are inside the container rootfs, handling for instance absolute symbolic links inside the container. Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This commit is contained in:
Alexander Larsson
Michael Crosby
parent
9b01755ade
commit
4086e37e27
1 changed files with 7 additions and 0 deletions
|
|
@ -12,6 +12,7 @@ import (
|
|||
"github.com/dotcloud/docker/pkg/libcontainer"
|
||||
"github.com/dotcloud/docker/pkg/libcontainer/mount/nodes"
|
||||
"github.com/dotcloud/docker/pkg/system"
|
||||
"github.com/dotcloud/docker/utils"
|
||||
)
|
||||
|
||||
// default mount point flags
|
||||
|
|
@ -127,6 +128,12 @@ func setupBindmounts(rootfs string, bindMounts libcontainer.Mounts) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
dest, err = utils.FollowSymlinkInScope(dest, rootfs)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := createIfNotExists(dest, stat.IsDir()); err != nil {
|
||||
return fmt.Errorf("Creating new bind-mount target, %s", err)
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue