kotovalexarian-likes-github
/
moby--moby
mirror of https://github.com/moby/moby.git
1
0
Fork 0
Code Releases Activity

devmapper: add a test for mount leak workaround 

In order to avoid reverting our fix for mount leakage in devicemapper,
add a test which checks that devicemapper's Get() and Put() cycle can
survive having a command running in an rprivate mount propagation setup
in-between. While this is quite rudimentary, it should be sufficient.

We have to skip this test for pre-3.18 kernels.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
This commit is contained in:
Aleksa Sarai 2017-11-08 10:02:58 +11:00
parent 92e45b81e0
commit 1af8ea681f
No known key found for this signature in database
GPG Key ID: 9E18AA267DDB8DB4
1 changed files with 53 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
daemon/graphdriver/devmapper/devmapper_test.go
View File

@ -5,12 +5,15 @@ package devmapper
import (
"fmt"
"os"
"os/exec"
"syscall"
"testing"
"time"
"github.com/docker/docker/daemon/graphdriver"
"github.com/docker/docker/daemon/graphdriver/graphtest"
"github.com/docker/docker/pkg/parsers/kernel"
"golang.org/x/sys/unix"
)
func init() {
@ -150,3 +153,53 @@ func TestDevmapperLockReleasedDeviceDeletion(t *testing.T) {
case <-doneChan:
}
}
// Ensure that mounts aren't leakedriver. It's non-trivial for us to test the full
// reproducer of #34573 in a unit test, but we can at least make sure that a
// simple command run in a new namespace doesn't break things horribly.
func TestDevmapperMountLeaks(t *testing.T) {
if !kernel.CheckKernelVersion(3, 18, 0) {
t.Skipf("kernel version <3.18.0 and so is missing torvalds/linux@8ed936b5671bfb33d89bc60bdcc7cf0470ba52fe.")
}
driver := graphtest.GetDriver(t, "devicemapper", "dm.use_deferred_removal=false", "dm.use_deferred_deletion=false").(*graphtest.Driver).Driver.(*graphdriver.NaiveDiffDriver).ProtoDriver.(*Driver)
defer graphtest.PutDriver(t)
// We need to create a new (dummy) device.
if err := driver.Create("some-layer", "", nil); err != nil {
t.Fatalf("setting up some-layer: %v", err)
}
// Mount the device.
_, err := driver.Get("some-layer", "")
if err != nil {
t.Fatalf("mounting some-layer: %v", err)
}
// Create a new subprocess which will inherit our mountpoint, then
// intentionally leak it and stick around. We can't do this entirely within
// Go because forking and namespaces in Go are really not handled well at
// all.
cmd := exec.Cmd{
Path: "/bin/sh",
Args: []string{
"/bin/sh", "-c",
"mount --make-rprivate / && sleep 1000s",
},
SysProcAttr: &syscall.SysProcAttr{
Unshareflags: syscall.CLONE_NEWNS,
},
}
if err := cmd.Start(); err != nil {
t.Fatalf("starting sub-command: %v", err)
}
defer func() {
unix.Kill(cmd.Process.Pid, unix.SIGKILL)
cmd.Wait()
}()
// Now try to "drop" the device.
if err := driver.Put("some-layer"); err != nil {
t.Fatalf("unmounting some-layer: %v", err)
}
}