Merge pull request #16708 from jfrazelle/fix-shm-mqueue-when-mounted-from-host

do not mount /dev/shm or /dev/mqueue if we are mounting from the host
Brian Goff 2015-10-02 15:13:59 -04:00
commit 662f55d11d
2 changed files with 87 additions and 50 deletions


@ -1237,7 +1237,13 @@ func (container *Container) mqueuePath() (string, error) {
return container.getRootResourcePath("mqueue") return container.getRootResourcePath("mqueue")
} }
func (container *Container) hasMountFor(path string) bool {
_, exists := container.MountPoints[path]
return exists
}
func (container *Container) setupIpcDirs() error { func (container *Container) setupIpcDirs() error {
if !container.hasMountFor("/dev/shm") {
shmPath, err := container.shmPath() shmPath, err := container.shmPath()
if err != nil { if err != nil {
return err return err
@ -1250,7 +1256,9 @@ func (container *Container) setupIpcDirs() error {
if err := syscall.Mount("shm", shmPath, "tmpfs", uintptr(syscall.MS_NOEXEC|syscall.MS_NOSUID|syscall.MS_NODEV), label.FormatMountLabel("mode=1777,size=65536k", container.getMountLabel())); err != nil { if err := syscall.Mount("shm", shmPath, "tmpfs", uintptr(syscall.MS_NOEXEC|syscall.MS_NOSUID|syscall.MS_NODEV), label.FormatMountLabel("mode=1777,size=65536k", container.getMountLabel())); err != nil {
return fmt.Errorf("mounting shm tmpfs: %s", err) return fmt.Errorf("mounting shm tmpfs: %s", err)
} }
}
if !container.hasMountFor("/dev/mqueue") {
mqueuePath, err := container.mqueuePath() mqueuePath, err := container.mqueuePath()
if err != nil { if err != nil {
return err return err
@ -1263,6 +1271,7 @@ func (container *Container) setupIpcDirs() error {
if err := syscall.Mount("mqueue", mqueuePath, "mqueue", uintptr(syscall.MS_NOEXEC|syscall.MS_NOSUID|syscall.MS_NODEV), ""); err != nil { if err := syscall.Mount("mqueue", mqueuePath, "mqueue", uintptr(syscall.MS_NOEXEC|syscall.MS_NOSUID|syscall.MS_NODEV), ""); err != nil {
return fmt.Errorf("mounting mqueue mqueue : %s", err) return fmt.Errorf("mounting mqueue mqueue : %s", err)
} }
}
return nil return nil
} }
@ -1273,6 +1282,8 @@ func (container *Container) unmountIpcMounts() error {
} }
var errors []string var errors []string
if !container.hasMountFor("/dev/shm") {
shmPath, err := container.shmPath() shmPath, err := container.shmPath()
if err != nil { if err != nil {
logrus.Error(err) logrus.Error(err)
@ -1284,7 +1295,9 @@ func (container *Container) unmountIpcMounts() error {
} }
} }
}
if !container.hasMountFor("/dev/mqueue") {
mqueuePath, err := container.mqueuePath() mqueuePath, err := container.mqueuePath()
if err != nil { if err != nil {
logrus.Error(err) logrus.Error(err)
@ -1295,6 +1308,7 @@ func (container *Container) unmountIpcMounts() error {
errors = append(errors, err.Error()) errors = append(errors, err.Error())
} }
} }
}
if len(errors) > 0 { if len(errors) > 0 {
return fmt.Errorf("failed to cleanup ipc mounts:\n%v", strings.Join(errors, "\n")) return fmt.Errorf("failed to cleanup ipc mounts:\n%v", strings.Join(errors, "\n"))
@ -1305,6 +1319,8 @@ func (container *Container) unmountIpcMounts() error {
func (container *Container) ipcMounts() []execdriver.Mount { func (container *Container) ipcMounts() []execdriver.Mount {
var mounts []execdriver.Mount var mounts []execdriver.Mount
if !container.hasMountFor("/dev/shm") {
label.SetFileLabel(container.ShmPath, container.MountLabel) label.SetFileLabel(container.ShmPath, container.MountLabel)
mounts = append(mounts, execdriver.Mount{ mounts = append(mounts, execdriver.Mount{
Source: container.ShmPath, Source: container.ShmPath,
@ -1312,6 +1328,9 @@ func (container *Container) ipcMounts() []execdriver.Mount {
Writable: true, Writable: true,
Private: true, Private: true,
}) })
}
if !container.hasMountFor("/dev/mqueue") {
label.SetFileLabel(container.MqueuePath, container.MountLabel) label.SetFileLabel(container.MqueuePath, container.MountLabel)
mounts = append(mounts, execdriver.Mount{ mounts = append(mounts, execdriver.Mount{
Source: container.MqueuePath, Source: container.MqueuePath,
@ -1319,6 +1338,7 @@ func (container *Container) ipcMounts() []execdriver.Mount {
Writable: true, Writable: true,
Private: true, Private: true,
}) })
}
return mounts return mounts
} }
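Review bot: hasMountFor does an exact-key lookup in `container.MountPoints`, so the new guards in setupIpcDirs, unmountIpcMounts and ipcMounts only skip the daemon's mounts when the destination was stored as exactly `/dev/shm` or `/dev/mqueue`. Whether destinations are normalised before being keyed is not visible in these hunks; if they are not, a target written as `/dev/shm/` would get both the user's mount and the daemon's tmpfs. The helper also has no doc comment, and it could state that assumption, e.g. `// hasMountFor reports whether a user-supplied mount targets path; path must equal the cleaned destination key in MountPoints.` A short comment at the `/dev/shm` guard in setupIpcDirs would help as well, noting that when the guard skips, the `MS_NOEXEC|MS_NOSUID|MS_NODEV` flags and the `size=65536k` cap of the daemon's tmpfs are not applied and the mount options are whatever the user-supplied mount carries.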


@ -2229,6 +2229,23 @@ func (s *DockerSuite) TestRunModeIpcContainerNotRunning(c *check.C) {
} }
} }
func (s *DockerSuite) TestRunMountShmMqueueFromHost(c *check.C) {
// Not applicable on Windows as uses Unix-specific capabilities
testRequires(c, SameHostDaemon, DaemonIsLinux)
dockerCmd(c, "run", "-d", "--name", "shmfromhost", "-v", "/dev/shm:/dev/shm", "busybox", "sh", "-c", "echo -n test > /dev/shm/test && top")
volPath, err := inspectMountSourceField("shmfromhost", "/dev/shm")
c.Assert(err, check.IsNil)
if volPath != "/dev/shm" {
c.Fatalf("volumePath should have been /dev/shm, was %s", volPath)
}
out, _ := dockerCmd(c, "run", "--name", "ipchost", "--ipc", "host", "busybox", "cat", "/dev/shm/test")
if out != "test" {
c.Fatalf("Output of /dev/shm/test expected test but found: %s", out)
}
}
func (s *DockerSuite) TestContainerNetworkMode(c *check.C) { func (s *DockerSuite) TestContainerNetworkMode(c *check.C) {
// Not applicable on Windows as uses Unix-specific capabilities // Not applicable on Windows as uses Unix-specific capabilities
testRequires(c, SameHostDaemon, DaemonIsLinux) testRequires(c, SameHostDaemon, DaemonIsLinux)
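Review bot: The second `docker run` in TestRunMountShmMqueueFromHost can reach `cat /dev/shm/test` before the detached `shmfromhost` container has written the file, because `run -d` returns once the container has started rather than when the `echo` has finished. Waiting until the file exists before starting `ipchost` would remove that source of flakiness. Since `/dev/shm` is bind-mounted from the host, the file also stays on the host after the test, so a cleanup such as `defer os.Remove("/dev/shm/test")` is worth adding (assuming `os` is imported in this file). The test name mentions mqueue but only the `/dev/shm` guard is exercised; a matching `-v /dev/mqueue:/dev/mqueue` case would cover the other one.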