kotovalexarian-likes-github
/
moby--moby
mirror of https://github.com/moby/moby.git
1
0
Fork 0
Code Releases Activity

Use "local" secret paths based on the secretID 

This prevents targets with the same basename from colliding.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This commit is contained in:
Aaron Lehmann 2017-04-28 11:48:52 -07:00
parent 67d282a5c9
commit 37ce91ddd6
4 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
container/container.go
View File

@ -954,8 +954,9 @@ func (container *Container) SecretMountPath() string {
return filepath.Join(container.Root, "secrets")
}
func (container *Container) getLocalSecretPath(r *swarmtypes.SecretReference) string {
return filepath.Join(container.SecretMountPath(), filepath.Base(r.File.Name))
// SecretFilePath returns the path to the location of a secret on the host.
func (container *Container) SecretFilePath(secretRef swarmtypes.SecretReference) string {
return filepath.Join(container.SecretMountPath(), secretRef.SecretID)
}
func getSecretTargetPath(r *swarmtypes.SecretReference) string {

10
container/container_unix.go
View File

@ -248,15 +248,15 @@ func (container *Container) IpcMounts() []Mount {
return mounts
}
// SecretMounts returns the mount for the secret path
// SecretMounts returns the mounts for the secret path.
func (container *Container) SecretMounts() []Mount {
var mounts []Mount
for _, r := range container.SecretReferences {
// secrets are created in the SecretMountPath at a single level
// i.e. /var/run/secrets/foo
srcPath := container.getLocalSecretPath(r)
if r.File == nil {
continue
}
mounts = append(mounts, Mount{
Source: srcPath,
Source: container.SecretFilePath(*r),
Destination: getSecretTargetPath(r),
Writable: false,
})

2
container/container_windows.go
View File

@ -47,7 +47,7 @@ func (container *Container) IpcMounts() []Mount {
return nil
}
// SecretMounts returns the mount for the secret path
// SecretMounts returns the mounts for the secret path
func (container *Container) SecretMounts() []Mount {
return nil
}

6
daemon/container_operations_unix.go
View File

@ -177,9 +177,9 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
return fmt.Errorf("secret target type is not a file target")
}
// secrets are created in the SecretMountPath at a single level
// i.e. /var/run/secrets/foo
fPath := filepath.Join(localMountPath, filepath.Base(s.File.Name))
// secrets are created in the SecretMountPath on the host, at a
// single level
fPath := c.SecretFilePath(*s)
if err := idtools.MkdirAllAs(filepath.Dir(fPath), 0700, rootUID, rootGID); err != nil {
return errors.Wrap(err, "error creating secret mount path")
}