Merge pull request #6701 from crosbymichael/mount-root
Allow / as source of -v
This commit is contained in:
unclejack
commit
510f1ba438
4 changed files with 14 additions and 47 deletions
|
|
@ -960,3 +960,14 @@ func TestRootWorkdir(t *testing.T) {
|
|||
|
||||
logDone("run - workdir /")
|
||||
}
|
||||
|
||||
func TestAllowBindMountingRoot(t *testing.T) {
|
||||
s, _, err := cmd(t, "run", "-v", "/:/host", "busybox", "ls", "/host")
|
||||
if err != nil {
|
||||
t.Fatal(s, err)
|
||||
}
|
||||
|
||||
deleteAllContainers()
|
||||
|
||||
logDone("run - bind mount / as volume")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -672,42 +672,6 @@ func TestPostContainersStart(t *testing.T) {
|
|||
containerKill(eng, containerID, t)
|
||||
}
|
||||
|
||||
// Expected behaviour: using / as a bind mount source should throw an error
|
||||
func TestRunErrorBindMountRootSource(t *testing.T) {
|
||||
eng := NewTestEngine(t)
|
||||
defer mkDaemonFromEngine(eng, t).Nuke()
|
||||
|
||||
containerID := createTestContainer(
|
||||
eng,
|
||||
&runconfig.Config{
|
||||
Image: unitTestImageID,
|
||||
Cmd: []string{"/bin/cat"},
|
||||
OpenStdin: true,
|
||||
},
|
||||
t,
|
||||
)
|
||||
|
||||
hostConfigJSON, err := json.Marshal(&runconfig.HostConfig{
|
||||
Binds: []string{"/:/tmp"},
|
||||
})
|
||||
|
||||
req, err := http.NewRequest("POST", "/containers/"+containerID+"/start", bytes.NewReader(hostConfigJSON))
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
|
||||
r := httptest.NewRecorder()
|
||||
if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if r.Code != http.StatusInternalServerError {
|
||||
containerKill(eng, containerID, t)
|
||||
t.Fatal("should have failed to run when using / as a source for the bind mount")
|
||||
}
|
||||
}
|
||||
|
||||
func TestPostContainersStop(t *testing.T) {
|
||||
eng := NewTestEngine(t)
|
||||
defer mkDaemonFromEngine(eng, t).Nuke()
|
||||
|
|
|
|||
|
|
@ -132,8 +132,8 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
|
|||
// add any bind targets to the list of container volumes
|
||||
for bind := range flVolumes.GetMap() {
|
||||
if arr := strings.Split(bind, ":"); len(arr) > 1 {
|
||||
if arr[0] == "/" {
|
||||
return nil, nil, cmd, fmt.Errorf("Invalid bind mount: source can't be '/'")
|
||||
if arr[1] == "/" {
|
||||
return nil, nil, cmd, fmt.Errorf("Invalid bind mount: desination can't be '/'")
|
||||
}
|
||||
// after creating the bind mount we want to delete it from the flVolumes values because
|
||||
// we do not want bind mounts being committed to image configs
|
||||
|
|
|
|||
|
|
@ -2055,19 +2055,11 @@ func (srv *Server) ContainerStart(job *engine.Job) engine.Status {
|
|||
if len(job.Environ()) > 0 {
|
||||
hostConfig := runconfig.ContainerHostConfigFromJob(job)
|
||||
// Validate the HostConfig binds. Make sure that:
|
||||
// 1) the source of a bind mount isn't /
|
||||
// The bind mount "/:/foo" isn't allowed.
|
||||
// 2) Check that the source exists
|
||||
// The source to be bind mounted must exist.
|
||||
// the source exists
|
||||
for _, bind := range hostConfig.Binds {
|
||||
splitBind := strings.Split(bind, ":")
|
||||
source := splitBind[0]
|
||||
|
||||
// refuse to bind mount "/" to the container
|
||||
if source == "/" {
|
||||
return job.Errorf("Invalid bind mount '%s' : source can't be '/'", bind)
|
||||
}
|
||||
|
||||
// ensure the source exists on the host
|
||||
_, err := os.Stat(source)
|
||||
if err != nil && os.IsNotExist(err) {
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue