Allow / as source of -v
We discussed this at the docker plumbers meetup and for tools and working on the system for things like boot2docker and coreos this is needed. You can already bypass this check so we felt it is ok to start allowing this feature. Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
This commit is contained in:
Michael Crosby
parent
9aa840c50d
commit
e39b8eade1
3 changed files with 14 additions and 11 deletions
|
|
@ -960,3 +960,14 @@ func TestRootWorkdir(t *testing.T) {
|
|||
|
||||
logDone("run - workdir /")
|
||||
}
|
||||
|
||||
func TestAllowBindMountingRoot(t *testing.T) {
|
||||
s, _, err := cmd(t, "run", "-v", "/:/host", "busybox", "ls", "/host")
|
||||
if err != nil {
|
||||
t.Fatal(s, err)
|
||||
}
|
||||
|
||||
deleteAllContainers()
|
||||
|
||||
logDone("run - bind mount / as volume")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -132,8 +132,8 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
|
|||
// add any bind targets to the list of container volumes
|
||||
for bind := range flVolumes.GetMap() {
|
||||
if arr := strings.Split(bind, ":"); len(arr) > 1 {
|
||||
if arr[0] == "/" {
|
||||
return nil, nil, cmd, fmt.Errorf("Invalid bind mount: source can't be '/'")
|
||||
if arr[1] == "/" {
|
||||
return nil, nil, cmd, fmt.Errorf("Invalid bind mount: desination can't be '/'")
|
||||
}
|
||||
// after creating the bind mount we want to delete it from the flVolumes values because
|
||||
// we do not want bind mounts being committed to image configs
|
||||
|
|
|
|||
|
|
@ -2055,19 +2055,11 @@ func (srv *Server) ContainerStart(job *engine.Job) engine.Status {
|
|||
if len(job.Environ()) > 0 {
|
||||
hostConfig := runconfig.ContainerHostConfigFromJob(job)
|
||||
// Validate the HostConfig binds. Make sure that:
|
||||
// 1) the source of a bind mount isn't /
|
||||
// The bind mount "/:/foo" isn't allowed.
|
||||
// 2) Check that the source exists
|
||||
// The source to be bind mounted must exist.
|
||||
// the source exists
|
||||
for _, bind := range hostConfig.Binds {
|
||||
splitBind := strings.Split(bind, ":")
|
||||
source := splitBind[0]
|
||||
|
||||
// refuse to bind mount "/" to the container
|
||||
if source == "/" {
|
||||
return job.Errorf("Invalid bind mount '%s' : source can't be '/'", bind)
|
||||
}
|
||||
|
||||
// ensure the source exists on the host
|
||||
_, err := os.Stat(source)
|
||||
if err != nil && os.IsNotExist(err) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue