vbatts/pkg
1
0
Fork 0
Code Pull requests Releases Activity

libcontainer: Ensure bind mount target files are inside rootfs

Browse source 
Before we create any files to bind-mount on, make sure they are
inside the container rootfs, handling for instance absolute symbolic
links inside the container.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
This commit is contained in:
Alexander Larsson 2014-05-13 15:42:21 +02:00 committed by Michael Crosby
parent 9b01755ade
commit 4086e37e27
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
libcontainer/mount/init.go
View file

@ -12,6 +12,7 @@ import (
"github.com/dotcloud/docker/pkg/libcontainer" "github.com/dotcloud/docker/pkg/libcontainer"
"github.com/dotcloud/docker/pkg/libcontainer/mount/nodes" "github.com/dotcloud/docker/pkg/libcontainer/mount/nodes"
"github.com/dotcloud/docker/pkg/system" "github.com/dotcloud/docker/pkg/system"
"github.com/dotcloud/docker/utils"
) )
// default mount point flags // default mount point flags
@ -127,6 +128,12 @@ func setupBindmounts(rootfs string, bindMounts libcontainer.Mounts) error {
if err != nil { if err != nil {
return err return err
} }
dest, err = utils.FollowSymlinkInScope(dest, rootfs)
if err != nil {
return err
}
if err := createIfNotExists(dest, stat.IsDir()); err != nil { if err := createIfNotExists(dest, stat.IsDir()); err != nil {
return fmt.Errorf("Creating new bind-mount target, %s", err) return fmt.Errorf("Creating new bind-mount target, %s", err)
} }