We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
moby
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

do not mount /dev/shm or /dev/mqueue if we are mounting from the host

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Jessica Frazelle 9 years ago
parent
970bc4b5c1
commit
b8605a1107
1 changed files with 67 additions and 47 deletions
Unified View Show Diff Stats
  1. 67 47
      daemon/container_unix.go

+ 67 - 47
daemon/container_unix.go
View File 

@@ -1237,31 +1237,40 @@ func (container *Container) mqueuePath() (string, error) {
 
 	return container.getRootResourcePath("mqueue")
 
 	return container.getRootResourcePath("mqueue")
 
 }
 
 }
 
 
 
+func (container *Container) hasMountFor(path string) bool {
 
+	_, exists := container.MountPoints[path]
 
+	return exists
 
+}
 
+
 
 func (container *Container) setupIpcDirs() error {
 
 func (container *Container) setupIpcDirs() error {
 
-	shmPath, err := container.shmPath()
 
-	if err != nil {
 
-		return err
 
-	}
 
+	if !container.hasMountFor("/dev/shm") {
 
+		shmPath, err := container.shmPath()
 
+		if err != nil {
 
+			return err
 
+		}
 
 
 
-	if err := os.MkdirAll(shmPath, 0700); err != nil {
 
-		return err
 
-	}
 
+		if err := os.MkdirAll(shmPath, 0700); err != nil {
 
+			return err
 
+		}
 
 
 
-	if err := syscall.Mount("shm", shmPath, "tmpfs", uintptr(syscall.MS_NOEXEC|syscall.MS_NOSUID|syscall.MS_NODEV), label.FormatMountLabel("mode=1777,size=65536k", container.getMountLabel())); err != nil {
 
-		return fmt.Errorf("mounting shm tmpfs: %s", err)
 
+		if err := syscall.Mount("shm", shmPath, "tmpfs", uintptr(syscall.MS_NOEXEC|syscall.MS_NOSUID|syscall.MS_NODEV), label.FormatMountLabel("mode=1777,size=65536k", container.getMountLabel())); err != nil {
 
+			return fmt.Errorf("mounting shm tmpfs: %s", err)
 
+		}
 
 	}
 
 	}
 
 
 
-	mqueuePath, err := container.mqueuePath()
 
-	if err != nil {
 
-		return err
 
-	}
 
+	if !container.hasMountFor("/dev/mqueue") {
 
+		mqueuePath, err := container.mqueuePath()
 
+		if err != nil {
 
+			return err
 
+		}
 
 
 
-	if err := os.MkdirAll(mqueuePath, 0700); err != nil {
 
-		return err
 
-	}
 
+		if err := os.MkdirAll(mqueuePath, 0700); err != nil {
 
+			return err
 
+		}
 
 
 
-	if err := syscall.Mount("mqueue", mqueuePath, "mqueue", uintptr(syscall.MS_NOEXEC|syscall.MS_NOSUID|syscall.MS_NODEV), ""); err != nil {
 
-		return fmt.Errorf("mounting mqueue mqueue : %s", err)
 
+		if err := syscall.Mount("mqueue", mqueuePath, "mqueue", uintptr(syscall.MS_NOEXEC|syscall.MS_NOSUID|syscall.MS_NODEV), ""); err != nil {
 
+			return fmt.Errorf("mounting mqueue mqueue : %s", err)
 
+		}
 
 	}
 
 	}
 
 
 
 	return nil
 
 	return nil
 
@@ -1273,26 +1282,31 @@ func (container *Container) unmountIpcMounts() error {
 
 	}
 
 	}
 
 
 
 	var errors []string
 
 	var errors []string
 
-	shmPath, err := container.shmPath()
 
-	if err != nil {
 
-		logrus.Error(err)
 
-		errors = append(errors, err.Error())
 
-	} else {
 
-		if err := detachMounted(shmPath); err != nil {
 
-			logrus.Errorf("failed to umount %s: %v", shmPath, err)
 
+
 
+	if !container.hasMountFor("/dev/shm") {
 
+		shmPath, err := container.shmPath()
 
+		if err != nil {
 
+			logrus.Error(err)
 
 			errors = append(errors, err.Error())
 
 			errors = append(errors, err.Error())
 
-		}
 
+		} else {
 
+			if err := detachMounted(shmPath); err != nil {
 
+				logrus.Errorf("failed to umount %s: %v", shmPath, err)
 
+				errors = append(errors, err.Error())
 
+			}
 
 
 
+		}
 
 	}
 
 	}
 
 
 
-	mqueuePath, err := container.mqueuePath()
 
-	if err != nil {
 
-		logrus.Error(err)
 
-		errors = append(errors, err.Error())
 
-	} else {
 
-		if err := detachMounted(mqueuePath); err != nil {
 
-			logrus.Errorf("failed to umount %s: %v", mqueuePath, err)
 
+	if !container.hasMountFor("/dev/mqueue") {
 
+		mqueuePath, err := container.mqueuePath()
 
+		if err != nil {
 
+			logrus.Error(err)
 
 			errors = append(errors, err.Error())
 
 			errors = append(errors, err.Error())
 
+		} else {
 
+			if err := detachMounted(mqueuePath); err != nil {
 
+				logrus.Errorf("failed to umount %s: %v", mqueuePath, err)
 
+				errors = append(errors, err.Error())
 
+			}
 
 		}
 
 		}
 
 	}
 
 	}
 
 
 
@@ -1305,20 +1319,26 @@ func (container *Container) unmountIpcMounts() error {
 
 
 
 func (container *Container) ipcMounts() []execdriver.Mount {
 
 func (container *Container) ipcMounts() []execdriver.Mount {
 
 	var mounts []execdriver.Mount
 
 	var mounts []execdriver.Mount
 
-	label.SetFileLabel(container.ShmPath, container.MountLabel)
 
-	mounts = append(mounts, execdriver.Mount{
 
-		Source:      container.ShmPath,
 
-		Destination: "/dev/shm",
 
-		Writable:    true,
 
-		Private:     true,
 
-	})
 
-	label.SetFileLabel(container.MqueuePath, container.MountLabel)
 
-	mounts = append(mounts, execdriver.Mount{
 
-		Source:      container.MqueuePath,
 
-		Destination: "/dev/mqueue",
 
-		Writable:    true,
 
-		Private:     true,
 
-	})
 
+
 
+	if !container.hasMountFor("/dev/shm") {
 
+		label.SetFileLabel(container.ShmPath, container.MountLabel)
 
+		mounts = append(mounts, execdriver.Mount{
 
+			Source:      container.ShmPath,
 
+			Destination: "/dev/shm",
 
+			Writable:    true,
 
+			Private:     true,
 
+		})
 
+	}
 
+
 
+	if !container.hasMountFor("/dev/mqueue") {
 
+		label.SetFileLabel(container.MqueuePath, container.MountLabel)
 
+		mounts = append(mounts, execdriver.Mount{
 
+			Source:      container.MqueuePath,
 
+			Destination: "/dev/mqueue",
 
+			Writable:    true,
 
+			Private:     true,
 
+		})
 
+	}
 
 	return mounts
 
 	return mounts
 
 }
 
 }

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5