kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Swarm config: use absolute paths for mount destination strings

Browse source 
Needed for runc >= 1.0.0-rc94.

See runc issue 2928.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9303376242)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Akihiro Suda 2021-05-02 04:41:34 +09:00 committed by Sebastiaan van Stijn
parent e4b9915803
commit afbb1277a3
No known key found for this signature in database
GPG key ID: 76698F39D527CE8C
3 changed files with 15 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
container/container.go
View file

@ -716,6 +716,17 @@ func getSecretTargetPath(r *swarmtypes.SecretReference) string {
return filepath.Join(containerSecretMountPath, r.File.Name) return filepath.Join(containerSecretMountPath, r.File.Name)
} }
// getConfigTargetPath makes sure that config paths inside the container are
// absolute, as required by the runtime spec, and enforced by runc >= 1.0.0-rc94.
// see https://github.com/opencontainers/runc/issues/2928
func getConfigTargetPath(r *swarmtypes.ConfigReference) string {
if filepath.IsAbs(r.File.Name) {
return r.File.Name
}
return filepath.Join(containerConfigMountPath, r.File.Name)
}
// CreateDaemonEnvironment creates a new environment variable slice for this container. // CreateDaemonEnvironment creates a new environment variable slice for this container.
func (container *Container) CreateDaemonEnvironment(tty bool, linkedEnv []string) []string { func (container *Container) CreateDaemonEnvironment(tty bool, linkedEnv []string) []string {
// Setup environment // Setup environment

3
container/container_unix.go
View file

@ -27,6 +27,7 @@ const (
// for the graceful container stop before forcefully terminating it. // for the graceful container stop before forcefully terminating it.
DefaultStopTimeout = 10 DefaultStopTimeout = 10
containerConfigMountPath = "/"
containerSecretMountPath = "/run/secrets" containerSecretMountPath = "/run/secrets"
) )
@ -242,7 +243,7 @@ func (container *Container) SecretMounts() ([]Mount, error) {
} }
mounts = append(mounts, Mount{ mounts = append(mounts, Mount{
Source: fPath, Source: fPath,
Destination: r.File.Name, Destination: getConfigTargetPath(r),
Writable: false, Writable: false,
}) })
} }

3
container/container_windows.go
View file

@ -12,6 +12,7 @@ import (
) )
const ( const (
containerConfigMountPath = `C:\`
containerSecretMountPath = `C:\ProgramData\Docker\secrets` containerSecretMountPath = `C:\ProgramData\Docker\secrets`
containerInternalSecretMountPath = `C:\ProgramData\Docker\internal\secrets` containerInternalSecretMountPath = `C:\ProgramData\Docker\internal\secrets`
containerInternalConfigsDirPath = `C:\ProgramData\Docker\internal\configs` containerInternalConfigsDirPath = `C:\ProgramData\Docker\internal\configs`
@ -87,7 +88,7 @@ func (container *Container) CreateConfigSymlinks() error {
if configRef.File == nil { if configRef.File == nil {
continue continue
} }
resolvedPath, _, err := container.ResolvePath(configRef.File.Name) resolvedPath, _, err := container.ResolvePath(getConfigTargetPath(configRef))
if err != nil { if err != nil {
return err return err
} }