8 年之前 · 37ce91ddd6
--- a/container/container.go
+++ b/container/container.go
@@ -954,8 +954,9 @@ func (container *Container) SecretMountPath() string {
 
				 	return filepath.Join(container.Root, "secrets")
			
 
				 }
			
 
				 
			
 
				-func (container *Container) getLocalSecretPath(r *swarmtypes.SecretReference) string {
			
 
				-	return filepath.Join(container.SecretMountPath(), filepath.Base(r.File.Name))
			
 
				+// SecretFilePath returns the path to the location of a secret on the host.
			
 
				+func (container *Container) SecretFilePath(secretRef swarmtypes.SecretReference) string {
			
 
				+	return filepath.Join(container.SecretMountPath(), secretRef.SecretID)
			
 
				 }
			
 
				 
			
 
				 func getSecretTargetPath(r *swarmtypes.SecretReference) string {
			
--- a/container/container_unix.go
+++ b/container/container_unix.go
@@ -248,15 +248,15 @@ func (container *Container) IpcMounts() []Mount {
 
				 	return mounts
			
 
				 }
			
 
				 
			
 
				-// SecretMounts returns the mount for the secret path
			
 
				+// SecretMounts returns the mounts for the secret path.
			
 
				 func (container *Container) SecretMounts() []Mount {
			
 
				 	var mounts []Mount
			
 
				 	for _, r := range container.SecretReferences {
			
 
				-		// secrets are created in the SecretMountPath at a single level
			
 
				-		// i.e. /var/run/secrets/foo
			
 
				-		srcPath := container.getLocalSecretPath(r)
			
 
				+		if r.File == nil {
			
 
				+			continue
			
 
				+		}
			
 
				 		mounts = append(mounts, Mount{
			
 
				-			Source:      srcPath,
			
 
				+			Source:      container.SecretFilePath(*r),
			
 
				 			Destination: getSecretTargetPath(r),
			
 
				 			Writable:    false,
			
 
				 		})
			
--- a/container/container_windows.go
+++ b/container/container_windows.go
@@ -47,7 +47,7 @@ func (container *Container) IpcMounts() []Mount {
 
				 	return nil
			
 
				 }
			
 
				 
			
 
				-// SecretMounts returns the mount for the secret path
			
 
				+// SecretMounts returns the mounts for the secret path
			
 
				 func (container *Container) SecretMounts() []Mount {
			
 
				 	return nil
			
 
				 }
			
--- a/daemon/container_operations_unix.go
+++ b/daemon/container_operations_unix.go
@@ -177,9 +177,9 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
 
				 			return fmt.Errorf("secret target type is not a file target")
			
 
				 		}
			
 
				 
			
 
				-		// secrets are created in the SecretMountPath at a single level
			
 
				-		// i.e. /var/run/secrets/foo
			
 
				-		fPath := filepath.Join(localMountPath, filepath.Base(s.File.Name))
			
 
				+		// secrets are created in the SecretMountPath on the host, at a
			
 
				+		// single level
			
 
				+		fPath := c.SecretFilePath(*s)
			
 
				 		if err := idtools.MkdirAllAs(filepath.Dir(fPath), 0700, rootUID, rootGID); err != nil {
			
 
				 			return errors.Wrap(err, "error creating secret mount path")
			
 
				 		}