From 87abf34a3d7bb63e3948eb1d801ac43b379d779e Mon Sep 17 00:00:00 2001 From: John Howard Date: Fri, 19 May 2017 10:38:47 -0700 Subject: [PATCH] LCOW: Store integrity checks Signed-off-by: John Howard --- daemon/daemon.go | 1 + image/store.go | 10 ++++++++++ layer/layer_store.go | 19 +++++++++++++++++-- layer/layer_test.go | 4 ++-- layer/migration_test.go | 4 ++-- 5 files changed, 32 insertions(+), 6 deletions(-) diff --git a/daemon/daemon.go b/daemon/daemon.go index 54c946dcdc..c188d6aa07 100644 --- a/daemon/daemon.go +++ b/daemon/daemon.go @@ -654,6 +654,7 @@ func NewDaemon(config *config.Config, registryService registry.Service, containe IDMappings: idMappings, PluginGetter: d.PluginStore, ExperimentalEnabled: config.Experimental, + Platform: platform, }) if err != nil { return nil, err diff --git a/image/store.go b/image/store.go index 8cdf113944..7508e4f305 100644 --- a/image/store.go +++ b/image/store.go @@ -3,11 +3,14 @@ package image import ( "encoding/json" "fmt" + "runtime" + "strings" "sync" "github.com/Sirupsen/logrus" "github.com/docker/distribution/digestset" "github.com/docker/docker/layer" + "github.com/docker/docker/pkg/system" "github.com/opencontainers/go-digest" "github.com/pkg/errors" ) @@ -113,6 +116,13 @@ func (is *store) Create(config []byte) (ID, error) { return "", err } + // Integrity check - ensure we are creating something for the correct platform + if runtime.GOOS == "windows" && system.LCOWSupported() { + if strings.ToLower(img.Platform()) != strings.ToLower(is.platform) { + return "", fmt.Errorf("cannot create entry for platform %q in image store for platform %q", img.Platform(), is.platform) + } + } + // Must reject any config that references diffIDs from the history // which aren't among the rootfs layers. rootFSLayers := make(map[layer.DiffID]struct{}) diff --git a/layer/layer_store.go b/layer/layer_store.go index 3feda11b79..e7c424aa92 100644 --- a/layer/layer_store.go +++ b/layer/layer_store.go @@ -5,6 +5,8 @@ import ( "fmt" "io" "io/ioutil" + "runtime" + "strings" "sync" "github.com/Sirupsen/logrus" @@ -13,6 +15,7 @@ import ( "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/plugingetter" "github.com/docker/docker/pkg/stringid" + "github.com/docker/docker/pkg/system" "github.com/opencontainers/go-digest" "github.com/vbatts/tar-split/tar/asm" "github.com/vbatts/tar-split/tar/storage" @@ -36,6 +39,8 @@ type layerStore struct { mountL sync.Mutex useTarSplit bool + + platform string } // StoreOptions are the options used to create a new Store instance @@ -47,6 +52,7 @@ type StoreOptions struct { IDMappings *idtools.IDMappings PluginGetter plugingetter.PluginGetter ExperimentalEnabled bool + Platform string } // NewStoreFromOptions creates a new Store instance @@ -68,13 +74,13 @@ func NewStoreFromOptions(options StoreOptions) (Store, error) { return nil, err } - return NewStoreFromGraphDriver(fms, driver) + return NewStoreFromGraphDriver(fms, driver, options.Platform) } // NewStoreFromGraphDriver creates a new Store instance using the provided // metadata store and graph driver. The metadata store will be used to restore // the Store. -func NewStoreFromGraphDriver(store MetadataStore, driver graphdriver.Driver) (Store, error) { +func NewStoreFromGraphDriver(store MetadataStore, driver graphdriver.Driver, platform string) (Store, error) { caps := graphdriver.Capabilities{} if capDriver, ok := driver.(graphdriver.CapabilityDriver); ok { caps = capDriver.Capabilities() @@ -86,6 +92,7 @@ func NewStoreFromGraphDriver(store MetadataStore, driver graphdriver.Driver) (St layerMap: map[ChainID]*roLayer{}, mounts: map[string]*mountedLayer{}, useTarSplit: !caps.ReproducesExactDiffs, + platform: platform, } ids, mounts, err := store.List() @@ -264,6 +271,14 @@ func (ls *layerStore) registerWithDescriptor(ts io.Reader, parent ChainID, platf var err error var pid string var p *roLayer + + // Integrity check - ensure we are creating something for the correct platform + if runtime.GOOS == "windows" && system.LCOWSupported() { + if strings.ToLower(ls.platform) != strings.ToLower(string(platform)) { + return nil, fmt.Errorf("cannot create entry for platform %q in layer store for platform %q", platform, ls.platform) + } + } + if string(parent) != "" { p = ls.get(parent) if p == nil { diff --git a/layer/layer_test.go b/layer/layer_test.go index 52f6326aee..8ec5b4df54 100644 --- a/layer/layer_test.go +++ b/layer/layer_test.go @@ -71,7 +71,7 @@ func newTestStore(t *testing.T) (Store, string, func()) { if err != nil { t.Fatal(err) } - ls, err := NewStoreFromGraphDriver(fms, graph) + ls, err := NewStoreFromGraphDriver(fms, graph, runtime.GOOS) if err != nil { t.Fatal(err) } @@ -404,7 +404,7 @@ func TestStoreRestore(t *testing.T) { t.Fatal(err) } - ls2, err := NewStoreFromGraphDriver(ls.(*layerStore).store, ls.(*layerStore).driver) + ls2, err := NewStoreFromGraphDriver(ls.(*layerStore).store, ls.(*layerStore).driver, runtime.GOOS) if err != nil { t.Fatal(err) } diff --git a/layer/migration_test.go b/layer/migration_test.go index b1dc6af8b4..7364e6cdc8 100644 --- a/layer/migration_test.go +++ b/layer/migration_test.go @@ -94,7 +94,7 @@ func TestLayerMigration(t *testing.T) { if err != nil { t.Fatal(err) } - ls, err := NewStoreFromGraphDriver(fms, graph) + ls, err := NewStoreFromGraphDriver(fms, graph, runtime.GOOS) if err != nil { t.Fatal(err) } @@ -222,7 +222,7 @@ func TestLayerMigrationNoTarsplit(t *testing.T) { if err != nil { t.Fatal(err) } - ls, err := NewStoreFromGraphDriver(fms, graph) + ls, err := NewStoreFromGraphDriver(fms, graph, runtime.GOOS) if err != nil { t.Fatal(err) }