481d2633fe
Signed-off-by: John Howard (VM) <jhoward@ntdev.microsoft.com>
// +build !windows
|
|
|
|
package daemon
import (
"os"
"path/filepath"
"github.com/docker/docker/container"
)
// checkIfPathIsInAVolume reports whether absPath lies inside one of the
// container's mount points. The first mount point whose HasResource(absPath)
// is true decides the outcome: a writable mount yields (true, nil), a
// read-only mount yields (false, ErrVolumeReadonly). When no mount point
// claims the path the result is (false, nil); in that case the container
// cannot be configured with a read-only rootfs, a condition this function
// does not itself check.
//
// NOTE(review): only the first match is consulted. If MountPoints is a map
// and mounts can nest (a read-only mount below a writable one), which mount
// answers for a path covered by both would depend on iteration order. Confirm
// whether the most specific mount should be preferred here.
func checkIfPathIsInAVolume(container *container.Container, absPath string) (bool, error) {
	for _, mnt := range container.MountPoints {
		if !mnt.HasResource(absPath) {
			continue
		}
		// A read-only mount that owns the path rejects the operation outright.
		if !mnt.RW {
			return false, ErrVolumeReadonly
		}
		return true, nil
	}
	return false, nil
}
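// fixPermissions hands ownership (uid:gid) of the entries under destination
// that have a counterpart under source. It walks source, maps every visited
// path onto destination and calls os.Lchown on the mapped path.
//
// destExisted tells whether destination was already present before the
// operation that populated it; a pre-existing destination directory keeps
// its current owner.
//
// It returns the error from os.Stat on destination, any error reported by
// the walk itself, or the first error from filepath.Rel or os.Lchown.
//
// NOTE(review): the mapped path is built lexically with filepath.Join and is
// not checked against any root. Lchown does not follow a symlink in the last
// path element, but earlier elements are resolved normally, so callers
// presumably pass a destination that is already resolved inside the intended
// root. Confirm against the call sites.
func fixPermissions(source, destination string, uid, gid int, destExisted bool) error {
	// If the destination didn't already exist, or the destination isn't a
	// directory, then we should Lchown the destination. Otherwise, we shouldn't
	// Lchown the destination.
	destStat, err := os.Stat(destination)
	if err != nil {
		// This should *never* be reached, because the destination must've already
		// been created while untar-ing the context.
		return err
	}
	doChownDestination := !destExisted || !destStat.IsDir()

	// We Walk on the source rather than on the destination because we don't
	// want to change permissions on things we haven't created or modified.
	return filepath.Walk(source, func(fullpath string, info os.FileInfo, walkErr error) error {
		// Walk reports a failed Lstat or directory read through walkErr.
		// Return it instead of overwriting it, so that a subtree that could
		// not be visited is not silently left with its previous owner.
		if walkErr != nil {
			return walkErr
		}

		// Do not alter the walk root iff. it existed before, as it doesn't fall under
		// the domain of "things we should chown".
		if !doChownDestination && (source == fullpath) {
			return nil
		}

		// Path is prefixed by source: substitute with destination instead.
		rel, err := filepath.Rel(source, fullpath)
		if err != nil {
			return err
		}

		// Lchown changes a symlink itself rather than the file it points to.
		return os.Lchown(filepath.Join(destination, rel), uid, gid)
	})
}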
// isOnlineFSOperationPermitted returns an error when a filesystem operation
// on a running container is not allowed. This implementation, from a file
// constrained to non-Windows builds, places no restriction: it ignores the
// container and always returns nil.
func (daemon *Daemon) isOnlineFSOperationPermitted(container *container.Container) error {
	// No platform-specific restriction applies here.
	return nil
}