kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

proper cleanup upon mount fail

Browse source 
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
This commit is contained in:
Evan Hazlett 2016-10-27 11:29:51 -07:00
parent f50a65ff0c
commit 0c170a76c5
1 changed files with 9 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
daemon/container_operations_unix.go
View file

@ -144,12 +144,10 @@ func (daemon *Daemon) setupIpcDirs(c *container.Container) error {
return nil
}
func (daemon *Daemon) setupSecretDir(c *container.Container) error {
func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
localMountPath := c.SecretMountPath()
logrus.Debugf("secrets: setting up secret dir: %s", localMountPath)
var setupErr error
defer func(err error) {
if err != nil {
// cleanup
@ -163,22 +161,22 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) error {
// create tmpfs
if err := os.MkdirAll(localMountPath, 0700); err != nil {
setupErr = errors.Wrap(err, "error creating secret local mount path")
return errors.Wrap(err, "error creating secret local mount path")
}
if err := mount.Mount("tmpfs", localMountPath, "tmpfs", "nodev"); err != nil {
setupErr = errors.Wrap(err, "unable to setup secret mount")
return errors.Wrap(err, "unable to setup secret mount")
}
for _, s := range c.Secrets {
// ensure that the target is a filename only; no paths allowed
tDir, tPath := filepath.Split(s.Target)
if tDir != "" {
setupErr = fmt.Errorf("error creating secret: secret must not have a path")
return fmt.Errorf("error creating secret: secret must not have a path")
}
fPath := filepath.Join(localMountPath, tPath)
if err := os.MkdirAll(filepath.Dir(fPath), 0700); err != nil {
setupErr = errors.Wrap(err, "error creating secret mount path")
return errors.Wrap(err, "error creating secret mount path")
}
logrus.WithFields(logrus.Fields{
@ -186,20 +184,20 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) error {
"path": fPath,
}).Debug("injecting secret")
if err := ioutil.WriteFile(fPath, s.Data, s.Mode); err != nil {
setupErr = errors.Wrap(err, "error injecting secret")
return errors.Wrap(err, "error injecting secret")
}
if err := os.Chown(fPath, s.Uid, s.Gid); err != nil {
setupErr = errors.Wrap(err, "error setting ownership for secret")
return errors.Wrap(err, "error setting ownership for secret")
}
}
// remount secrets ro
if err := mount.Mount("tmpfs", localMountPath, "tmpfs", "remount,ro"); err != nil {
setupErr = errors.Wrap(err, "unable to remount secret dir as readonly")
return errors.Wrap(err, "unable to remount secret dir as readonly")
}
return setupErr
return nil
}
func killProcessDirectly(container *container.Container) error {