kotovalexarian-likes-github
/
moby--moby
mirror of https://github.com/moby/moby.git
1
0
Fork 0
Code Releases Activity

Swarm config: use absolute paths for mount destination strings 

Needed for runc >= 1.0.0-rc94.

See runc issue 2928.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Akihiro Suda 2021-05-02 04:41:34 +09:00 committed by Sebastiaan van Stijn
parent 9f2b33f75c
commit 9303376242
No known key found for this signature in database
GPG Key ID: 76698F39D527CE8C
3 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
container/container.go
View File

@ -717,6 +717,17 @@ func getSecretTargetPath(r *swarmtypes.SecretReference) string {
return filepath.Join(containerSecretMountPath, r.File.Name)
}
// getConfigTargetPath makes sure that config paths inside the container are
// absolute, as required by the runtime spec, and enforced by runc >= 1.0.0-rc94.
// see https://github.com/opencontainers/runc/issues/2928
func getConfigTargetPath(r *swarmtypes.ConfigReference) string {
if filepath.IsAbs(r.File.Name) {
return r.File.Name
}
return filepath.Join(containerConfigMountPath, r.File.Name)
}
// CreateDaemonEnvironment creates a new environment variable slice for this container.
func (container *Container) CreateDaemonEnvironment(tty bool, linkedEnv []string) []string {
// Setup environment

3
container/container_unix.go
View File

@ -27,6 +27,7 @@ const (
// for the graceful container stop before forcefully terminating it.
DefaultStopTimeout = 10
containerConfigMountPath = "/"
containerSecretMountPath = "/run/secrets"
)
@ -242,7 +243,7 @@ func (container *Container) SecretMounts() ([]Mount, error) {
}
mounts = append(mounts, Mount{
Source: fPath,
Destination: r.File.Name,
Destination: getConfigTargetPath(r),
Writable: false,
})
}

3
container/container_windows.go
View File

@ -12,6 +12,7 @@ import (
)
const (
containerConfigMountPath = `C:\`
containerSecretMountPath = `C:\ProgramData\Docker\secrets`
containerInternalSecretMountPath = `C:\ProgramData\Docker\internal\secrets`
containerInternalConfigsDirPath = `C:\ProgramData\Docker\internal\configs`
@ -87,7 +88,7 @@ func (container *Container) CreateConfigSymlinks() error {
if configRef.File == nil {
continue
}
resolvedPath, _, err := container.ResolvePath(configRef.File.Name)
resolvedPath, _, err := container.ResolvePath(getConfigTargetPath(configRef))
if err != nil {
return err
}