kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Do not parse config.Volumes for named volumes

Browse source 
Fixes an issue where `VOLUME some_name:/foo` would be parsed as a named
volume, allowing access from the builder to any volume on the host.

This makes sure that named volumes must always be passed in as a bind.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This commit is contained in:
Brian Goff 2015-09-29 10:01:57 -04:00
parent d6e7350b96
commit 8e5bb8fdd3
2 changed files with 16 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

15
daemon/create_unix.go
View file

@ -5,7 +5,6 @@ package daemon
import ( import (
"os" "os"
"path/filepath" "path/filepath"
"strings"
derr "github.com/docker/docker/errors" derr "github.com/docker/docker/errors"
"github.com/docker/docker/image" "github.com/docker/docker/image"
@ -18,17 +17,9 @@ import (
// createContainerPlatformSpecificSettings performs platform specific container create functionality // createContainerPlatformSpecificSettings performs platform specific container create functionality
func createContainerPlatformSpecificSettings(container *Container, config *runconfig.Config, hostConfig *runconfig.HostConfig, img *image.Image) error { func createContainerPlatformSpecificSettings(container *Container, config *runconfig.Config, hostConfig *runconfig.HostConfig, img *image.Image) error {
for spec := range config.Volumes { for spec := range config.Volumes {
var ( name := stringid.GenerateNonCryptoID()
name, destination string destination := filepath.Clean(spec)
parts = strings.Split(spec, ":")
)
switch len(parts) {
case 2:
name, destination = parts[0], filepath.Clean(parts[1])
default:
name = stringid.GenerateNonCryptoID()
destination = filepath.Clean(parts[0])
}
// Skip volumes for which we already have something mounted on that // Skip volumes for which we already have something mounted on that
// destination because of a --volume-from. // destination because of a --volume-from.
if container.isDestinationMounted(destination) { if container.isDestinationMounted(destination) {

14
integration-cli/docker_cli_build_test.go
View file

@ -5641,7 +5641,7 @@ func (s *DockerSuite) TestBuildNullStringInAddCopyVolume(c *check.C) {
ctx, err := fakeContext(` ctx, err := fakeContext(`
FROM busybox FROM busybox
ADD null / ADD null /
COPY nullfile / COPY nullfile /
VOLUME nullvolume VOLUME nullvolume
@ -6194,3 +6194,15 @@ func (s *DockerSuite) TestBuildBuildTimeArgDefintionWithNoEnvInjection(c *check.
c.Fatalf("unexpected number of occurrences of the arg in output: %q expected: 1", out) c.Fatalf("unexpected number of occurrences of the arg in output: %q expected: 1", out)
} }
} }
func (s *DockerSuite) TestBuildNoNamedVolume(c *check.C) {
testRequires(c, DaemonIsLinux)
dockerCmd(c, "run", "-v", "testname:/foo", "busybox", "sh", "-c", "touch /foo/oops")
dockerFile := `FROM busybox
VOLUME testname:/foo
RUN ls /foo/oops
`
_, err := buildImage("test", dockerFile, false)
c.Assert(err, check.NotNil, check.Commentf("image build should have failed"))
}