validate.go 3.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140
  1. package volume
  2. import (
  3. "errors"
  4. "fmt"
  5. "os"
  6. "path/filepath"
  7. "github.com/docker/docker/api/types/mount"
  8. )
  9. var errBindNotExist = errors.New("bind source path does not exist")
  10. type validateOpts struct {
  11. skipBindSourceCheck bool
  12. skipAbsolutePathCheck bool
  13. }
  14. func validateMountConfig(mnt *mount.Mount, options ...func(*validateOpts)) error {
  15. opts := validateOpts{}
  16. for _, o := range options {
  17. o(&opts)
  18. }
  19. if len(mnt.Target) == 0 {
  20. return &errMountConfig{mnt, errMissingField("Target")}
  21. }
  22. if err := validateNotRoot(mnt.Target); err != nil {
  23. return &errMountConfig{mnt, err}
  24. }
  25. if !opts.skipAbsolutePathCheck {
  26. if err := validateAbsolute(mnt.Target); err != nil {
  27. return &errMountConfig{mnt, err}
  28. }
  29. }
  30. switch mnt.Type {
  31. case mount.TypeBind:
  32. if len(mnt.Source) == 0 {
  33. return &errMountConfig{mnt, errMissingField("Source")}
  34. }
  35. // Don't error out just because the propagation mode is not supported on the platform
  36. if opts := mnt.BindOptions; opts != nil {
  37. if len(opts.Propagation) > 0 && len(propagationModes) > 0 {
  38. if _, ok := propagationModes[opts.Propagation]; !ok {
  39. return &errMountConfig{mnt, fmt.Errorf("invalid propagation mode: %s", opts.Propagation)}
  40. }
  41. }
  42. }
  43. if mnt.VolumeOptions != nil {
  44. return &errMountConfig{mnt, errExtraField("VolumeOptions")}
  45. }
  46. if err := validateAbsolute(mnt.Source); err != nil {
  47. return &errMountConfig{mnt, err}
  48. }
  49. // Do not allow binding to non-existent path
  50. if !opts.skipBindSourceCheck {
  51. fi, err := os.Stat(mnt.Source)
  52. if err != nil {
  53. if !os.IsNotExist(err) {
  54. return &errMountConfig{mnt, err}
  55. }
  56. return &errMountConfig{mnt, errBindNotExist}
  57. }
  58. if err := validateStat(fi); err != nil {
  59. return &errMountConfig{mnt, err}
  60. }
  61. }
  62. case mount.TypeVolume:
  63. if mnt.BindOptions != nil {
  64. return &errMountConfig{mnt, errExtraField("BindOptions")}
  65. }
  66. if len(mnt.Source) == 0 && mnt.ReadOnly {
  67. return &errMountConfig{mnt, fmt.Errorf("must not set ReadOnly mode when using anonymous volumes")}
  68. }
  69. if len(mnt.Source) != 0 {
  70. if valid, err := IsVolumeNameValid(mnt.Source); !valid {
  71. if err == nil {
  72. err = errors.New("invalid volume name")
  73. }
  74. return &errMountConfig{mnt, err}
  75. }
  76. }
  77. case mount.TypeTmpfs:
  78. if len(mnt.Source) != 0 {
  79. return &errMountConfig{mnt, errExtraField("Source")}
  80. }
  81. if err := ValidateTmpfsMountDestination(mnt.Target); err != nil {
  82. return &errMountConfig{mnt, err}
  83. }
  84. if _, err := ConvertTmpfsOptions(mnt.TmpfsOptions, mnt.ReadOnly); err != nil {
  85. return &errMountConfig{mnt, err}
  86. }
  87. default:
  88. return &errMountConfig{mnt, errors.New("mount type unknown")}
  89. }
  90. return nil
  91. }
  92. type errMountConfig struct {
  93. mount *mount.Mount
  94. err error
  95. }
  96. func (e *errMountConfig) Error() string {
  97. return fmt.Sprintf("invalid mount config for type %q: %v", e.mount.Type, e.err.Error())
  98. }
  99. func errExtraField(name string) error {
  100. return fmt.Errorf("field %s must not be specified", name)
  101. }
  102. func errMissingField(name string) error {
  103. return fmt.Errorf("field %s must not be empty", name)
  104. }
  105. func validateAbsolute(p string) error {
  106. p = convertSlash(p)
  107. if filepath.IsAbs(p) {
  108. return nil
  109. }
  110. return fmt.Errorf("invalid mount path: '%s' mount path must be absolute", p)
  111. }
  112. // ValidateTmpfsMountDestination validates the destination of tmpfs mount.
  113. // Currently, we have only two obvious rule for validation:
  114. // - path must not be "/"
  115. // - path must be absolute
  116. // We should add more rules carefully (#30166)
  117. func ValidateTmpfsMountDestination(dest string) error {
  118. if err := validateNotRoot(dest); err != nil {
  119. return err
  120. }
  121. return validateAbsolute(dest)
  122. }