LCOW: Store integrity checks

Signed-off-by: John Howard <jhoward@microsoft.com>
2022-11-09 12:21:53 -05:00 · 2017-05-19 10:38:47 -07:00 · 2017-05-19 10:38:47 -07:00 · 87abf34a3d
commit 87abf34a3d
parent 08252bc963
5 changed files with 32 additions and 6 deletions
--- a/daemon/daemon.go
+++ b/daemon/daemon.go
@ -654,6 +654,7 @@ func NewDaemon(config *config.Config, registryService registry.Service, containe
 			IDMappings:                idMappings,
 			PluginGetter:              d.PluginStore,
 			ExperimentalEnabled:       config.Experimental,
+			Platform:                  platform,
 		})
 		if err != nil {
 			return nil, err
--- a/image/store.go
+++ b/image/store.go
@ -3,11 +3,14 @@ package image
 import (
 	"encoding/json"
 	"fmt"
+	"runtime"
+	"strings"
 	"sync"

 	"github.com/Sirupsen/logrus"
 	"github.com/docker/distribution/digestset"
 	"github.com/docker/docker/layer"
+	"github.com/docker/docker/pkg/system"
 	"github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 )
@ -113,6 +116,13 @@ func (is *store) Create(config []byte) (ID, error) {
 		return "", err
 	}

+	// Integrity check - ensure we are creating something for the correct platform
+	if runtime.GOOS == "windows" && system.LCOWSupported() {
+		if strings.ToLower(img.Platform()) != strings.ToLower(is.platform) {
+			return "", fmt.Errorf("cannot create entry for platform %q in image store for platform %q", img.Platform(), is.platform)
+		}
+	}
+
 	// Must reject any config that references diffIDs from the history
 	// which aren't among the rootfs layers.
 	rootFSLayers := make(map[layer.DiffID]struct{})
--- a/layer/layer_store.go
+++ b/layer/layer_store.go
@ -5,6 +5,8 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
+	"runtime"
+	"strings"
 	"sync"

 	"github.com/Sirupsen/logrus"
@ -13,6 +15,7 @@ import (
 	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/plugingetter"
 	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/system"
 	"github.com/opencontainers/go-digest"
 	"github.com/vbatts/tar-split/tar/asm"
 	"github.com/vbatts/tar-split/tar/storage"
@ -36,6 +39,8 @@ type layerStore struct {
 	mountL sync.Mutex

 	useTarSplit bool
+
+	platform string
 }

 // StoreOptions are the options used to create a new Store instance
@ -47,6 +52,7 @@ type StoreOptions struct {
 	IDMappings                *idtools.IDMappings
 	PluginGetter              plugingetter.PluginGetter
 	ExperimentalEnabled       bool
+	Platform                  string
 }

 // NewStoreFromOptions creates a new Store instance
@ -68,13 +74,13 @@ func NewStoreFromOptions(options StoreOptions) (Store, error) {
 		return nil, err
 	}

-	return NewStoreFromGraphDriver(fms, driver)
+	return NewStoreFromGraphDriver(fms, driver, options.Platform)
 }

 // NewStoreFromGraphDriver creates a new Store instance using the provided
 // metadata store and graph driver. The metadata store will be used to restore
 // the Store.
-func NewStoreFromGraphDriver(store MetadataStore, driver graphdriver.Driver) (Store, error) {
+func NewStoreFromGraphDriver(store MetadataStore, driver graphdriver.Driver, platform string) (Store, error) {
 	caps := graphdriver.Capabilities{}
 	if capDriver, ok := driver.(graphdriver.CapabilityDriver); ok {
 		caps = capDriver.Capabilities()
@ -86,6 +92,7 @@ func NewStoreFromGraphDriver(store MetadataStore, driver graphdriver.Driver) (St
 		layerMap:    map[ChainID]*roLayer{},
 		mounts:      map[string]*mountedLayer{},
 		useTarSplit: !caps.ReproducesExactDiffs,
+		platform:    platform,
 	}

 	ids, mounts, err := store.List()
@ -264,6 +271,14 @@ func (ls *layerStore) registerWithDescriptor(ts io.Reader, parent ChainID, platf
 	var err error
 	var pid string
 	var p *roLayer
+
+	// Integrity check - ensure we are creating something for the correct platform
+	if runtime.GOOS == "windows" && system.LCOWSupported() {
+		if strings.ToLower(ls.platform) != strings.ToLower(string(platform)) {
+			return nil, fmt.Errorf("cannot create entry for platform %q in layer store for platform %q", platform, ls.platform)
+		}
+	}
+
 	if string(parent) != "" {
 		p = ls.get(parent)
 		if p == nil {
--- a/layer/layer_test.go
+++ b/layer/layer_test.go
@ -71,7 +71,7 @@ func newTestStore(t *testing.T) (Store, string, func()) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	ls, err := NewStoreFromGraphDriver(fms, graph)
+	ls, err := NewStoreFromGraphDriver(fms, graph, runtime.GOOS)
 	if err != nil {
 		t.Fatal(err)
 	}
@ -404,7 +404,7 @@ func TestStoreRestore(t *testing.T) {
 		t.Fatal(err)
 	}

-	ls2, err := NewStoreFromGraphDriver(ls.(*layerStore).store, ls.(*layerStore).driver)
+	ls2, err := NewStoreFromGraphDriver(ls.(*layerStore).store, ls.(*layerStore).driver, runtime.GOOS)
 	if err != nil {
 		t.Fatal(err)
 	}
--- a/layer/migration_test.go
+++ b/layer/migration_test.go
@ -94,7 +94,7 @@ func TestLayerMigration(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	ls, err := NewStoreFromGraphDriver(fms, graph)
+	ls, err := NewStoreFromGraphDriver(fms, graph, runtime.GOOS)
 	if err != nil {
 		t.Fatal(err)
 	}
@ -222,7 +222,7 @@ func TestLayerMigrationNoTarsplit(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	ls, err := NewStoreFromGraphDriver(fms, graph)
+	ls, err := NewStoreFromGraphDriver(fms, graph, runtime.GOOS)
 	if err != nil {
 		t.Fatal(err)
 	}