-
Notifications
You must be signed in to change notification settings - Fork 1.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
exec: add extra validation for submount sources
While submount paths were already validated there are some cases where the parent mount may not be immutable while the submount is created. Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> (cherry picked from commit 2529ec4121bcd8c35bcd96218083da175c2e5b77) (cherry picked from commit cbc233b3b695918d92fd5b1407b829296c53db70)
- Loading branch information
1 parent
d089e0b
commit f781267
Showing
6 changed files
with
159 additions
and
34 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
package oci | ||
|
||
import ( | ||
"github.com/containerd/containerd/mount" | ||
"github.com/containerd/continuity/fs" | ||
) | ||
|
||
func sub(m mount.Mount, subPath string) (mount.Mount, func() error, error) { | ||
src, err := fs.RootPath(m.Source, subPath) | ||
if err != nil { | ||
return mount.Mount{}, nil, err | ||
} | ||
m.Source = src | ||
return m, func() error { return nil }, nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
//go:build linux | ||
// +build linux | ||
|
||
package oci | ||
|
||
import ( | ||
"os" | ||
"strconv" | ||
|
||
"github.com/containerd/containerd/mount" | ||
"github.com/containerd/continuity/fs" | ||
"github.com/moby/buildkit/snapshot" | ||
"github.com/pkg/errors" | ||
"golang.org/x/sys/unix" | ||
) | ||
|
||
func sub(m mount.Mount, subPath string) (mount.Mount, func() error, error) { | ||
var retries = 10 | ||
root := m.Source | ||
for { | ||
src, err := fs.RootPath(root, subPath) | ||
if err != nil { | ||
return mount.Mount{}, nil, err | ||
} | ||
// similar to runc.WithProcfd | ||
fh, err := os.OpenFile(src, unix.O_PATH|unix.O_CLOEXEC, 0) | ||
if err != nil { | ||
return mount.Mount{}, nil, err | ||
} | ||
|
||
fdPath := "/proc/self/fd/" + strconv.Itoa(int(fh.Fd())) | ||
if resolved, err := os.Readlink(fdPath); err != nil { | ||
fh.Close() | ||
return mount.Mount{}, nil, err | ||
} else if resolved != src { | ||
retries-- | ||
if retries <= 0 { | ||
fh.Close() | ||
return mount.Mount{}, nil, errors.Errorf("unable to safely resolve subpath %s", subPath) | ||
} | ||
fh.Close() | ||
continue | ||
} | ||
|
||
m.Source = fdPath | ||
lm := snapshot.LocalMounterWithMounts([]mount.Mount{m}, snapshot.ForceRemount()) | ||
mp, err := lm.Mount() | ||
if err != nil { | ||
fh.Close() | ||
return mount.Mount{}, nil, err | ||
} | ||
m.Source = mp | ||
fh.Close() // release the fd, we don't need it anymore | ||
|
||
return m, lm.Unmount, nil | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters