We use cookies to ensure you get the best experience on our website
Strona główna Odkrywaj Pomoc
Zarejestruj się Zaloguj się
0ct0pu5
/
moby
1
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Przeglądaj źródła

Do not parse config.Volumes for named volumes

Fixes an issue where `VOLUME some_name:/foo` would be parsed as a named
volume, allowing access from the builder to any volume on the host.

This makes sure that named volumes must always be passed in as a bind.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Brian Goff 9 lat temu
rodzic
d6e7350b96
commit
8e5bb8fdd3
2 zmienionych plików z 16 dodań i 13 usunięć
Widok podzielony Pokaż statystyki zmian
  1. 3 12
      daemon/create_unix.go
  2. 13 1
      integration-cli/docker_cli_build_test.go

+ 3 - 12
daemon/create_unix.go
Wyświetl plik 

@@ -5,7 +5,6 @@ package daemon
 
 import (
 
 	"os"
 
 	"path/filepath"
 
-	"strings"
 
 
 	derr "github.com/docker/docker/errors"
 
 	"github.com/docker/docker/image"
 
@@ -18,17 +17,9 @@ import (
 
 // createContainerPlatformSpecificSettings performs platform specific container create functionality
 
 func createContainerPlatformSpecificSettings(container *Container, config *runconfig.Config, hostConfig *runconfig.HostConfig, img *image.Image) error {
 
 	for spec := range config.Volumes {
 
-		var (
 
-			name, destination string
 
-			parts             = strings.Split(spec, ":")
 
-		)
 
-		switch len(parts) {
 
-		case 2:
 
-			name, destination = parts[0], filepath.Clean(parts[1])
 
-		default:
 
-			name = stringid.GenerateNonCryptoID()
 
-			destination = filepath.Clean(parts[0])
 
-		}
 
+		name := stringid.GenerateNonCryptoID()
 
+		destination := filepath.Clean(spec)
 
+
 
 		// Skip volumes for which we already have something mounted on that
 
 		// destination because of a --volume-from.
 
 		if container.isDestinationMounted(destination) {

+ 13 - 1
integration-cli/docker_cli_build_test.go
Wyświetl plik 

@@ -5641,7 +5641,7 @@ func (s *DockerSuite) TestBuildNullStringInAddCopyVolume(c *check.C) {
 
 
 	ctx, err := fakeContext(`
 
 		FROM busybox
 
-		
+
 
 		ADD null /
 
 		COPY nullfile /
 
 		VOLUME nullvolume
 
@@ -6194,3 +6194,15 @@ func (s *DockerSuite) TestBuildBuildTimeArgDefintionWithNoEnvInjection(c *check.
 
 		c.Fatalf("unexpected number of occurrences of the arg in output: %q expected: 1", out)
 
 	}
 
 }
 
+
 
+func (s *DockerSuite) TestBuildNoNamedVolume(c *check.C) {
 
+	testRequires(c, DaemonIsLinux)
 
+	dockerCmd(c, "run", "-v", "testname:/foo", "busybox", "sh", "-c", "touch /foo/oops")
 
+
 
+	dockerFile := `FROM busybox
 
+	VOLUME testname:/foo
 
+	RUN ls /foo/oops
 
+	`
 
+	_, err := buildImage("test", dockerFile, false)
 
+	c.Assert(err, check.NotNil, check.Commentf("image build should have failed"))
 
+}

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5