mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

do not mount /dev/shm or /dev/mqueue if we are mounting from the host

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Jessica Frazelle 2015-10-01 14:28:27 -07:00
parent 970bc4b5c1
commit b8605a1107
No known key found for this signature in database
GPG key ID: 18F3685C0022BFF3


@ -1237,31 +1237,40 @@ func (container *Container) mqueuePath() (string, error) {
return container.getRootResourcePath("mqueue") return container.getRootResourcePath("mqueue")
} }
func (container *Container) hasMountFor(path string) bool {
_, exists := container.MountPoints[path]
return exists
}
func (container *Container) setupIpcDirs() error { func (container *Container) setupIpcDirs() error {
shmPath, err := container.shmPath() if !container.hasMountFor("/dev/shm") {
if err != nil { shmPath, err := container.shmPath()
return err if err != nil {
return err
}
if err := os.MkdirAll(shmPath, 0700); err != nil {
return err
}
if err := syscall.Mount("shm", shmPath, "tmpfs", uintptr(syscall.MS_NOEXEC|syscall.MS_NOSUID|syscall.MS_NODEV), label.FormatMountLabel("mode=1777,size=65536k", container.getMountLabel())); err != nil {
return fmt.Errorf("mounting shm tmpfs: %s", err)
}
} }
if err := os.MkdirAll(shmPath, 0700); err != nil { if !container.hasMountFor("/dev/mqueue") {
return err mqueuePath, err := container.mqueuePath()
} if err != nil {
return err
}
if err := syscall.Mount("shm", shmPath, "tmpfs", uintptr(syscall.MS_NOEXEC|syscall.MS_NOSUID|syscall.MS_NODEV), label.FormatMountLabel("mode=1777,size=65536k", container.getMountLabel())); err != nil { if err := os.MkdirAll(mqueuePath, 0700); err != nil {
return fmt.Errorf("mounting shm tmpfs: %s", err) return err
} }
mqueuePath, err := container.mqueuePath() if err := syscall.Mount("mqueue", mqueuePath, "mqueue", uintptr(syscall.MS_NOEXEC|syscall.MS_NOSUID|syscall.MS_NODEV), ""); err != nil {
if err != nil { return fmt.Errorf("mounting mqueue mqueue : %s", err)
return err }
}
if err := os.MkdirAll(mqueuePath, 0700); err != nil {
return err
}
if err := syscall.Mount("mqueue", mqueuePath, "mqueue", uintptr(syscall.MS_NOEXEC|syscall.MS_NOSUID|syscall.MS_NODEV), ""); err != nil {
return fmt.Errorf("mounting mqueue mqueue : %s", err)
} }
return nil return nil
@ -1273,26 +1282,31 @@ func (container *Container) unmountIpcMounts() error {
} }
var errors []string var errors []string
shmPath, err := container.shmPath()
if err != nil {
logrus.Error(err)
errors = append(errors, err.Error())
} else {
if err := detachMounted(shmPath); err != nil {
logrus.Errorf("failed to umount %s: %v", shmPath, err)
errors = append(errors, err.Error())
}
if !container.hasMountFor("/dev/shm") {
shmPath, err := container.shmPath()
if err != nil {
logrus.Error(err)
errors = append(errors, err.Error())
} else {
if err := detachMounted(shmPath); err != nil {
logrus.Errorf("failed to umount %s: %v", shmPath, err)
errors = append(errors, err.Error())
}
}
} }
mqueuePath, err := container.mqueuePath() if !container.hasMountFor("/dev/mqueue") {
if err != nil { mqueuePath, err := container.mqueuePath()
logrus.Error(err) if err != nil {
errors = append(errors, err.Error()) logrus.Error(err)
} else {
if err := detachMounted(mqueuePath); err != nil {
logrus.Errorf("failed to umount %s: %v", mqueuePath, err)
errors = append(errors, err.Error()) errors = append(errors, err.Error())
} else {
if err := detachMounted(mqueuePath); err != nil {
logrus.Errorf("failed to umount %s: %v", mqueuePath, err)
errors = append(errors, err.Error())
}
} }
} }
@ -1305,20 +1319,26 @@ func (container *Container) unmountIpcMounts() error {
func (container *Container) ipcMounts() []execdriver.Mount { func (container *Container) ipcMounts() []execdriver.Mount {
var mounts []execdriver.Mount var mounts []execdriver.Mount
label.SetFileLabel(container.ShmPath, container.MountLabel)
mounts = append(mounts, execdriver.Mount{ if !container.hasMountFor("/dev/shm") {
Source: container.ShmPath, label.SetFileLabel(container.ShmPath, container.MountLabel)
Destination: "/dev/shm", mounts = append(mounts, execdriver.Mount{
Writable: true, Source: container.ShmPath,
Private: true, Destination: "/dev/shm",
}) Writable: true,
label.SetFileLabel(container.MqueuePath, container.MountLabel) Private: true,
mounts = append(mounts, execdriver.Mount{ })
Source: container.MqueuePath, }
Destination: "/dev/mqueue",
Writable: true, if !container.hasMountFor("/dev/mqueue") {
Private: true, label.SetFileLabel(container.MqueuePath, container.MountLabel)
}) mounts = append(mounts, execdriver.Mount{
Source: container.MqueuePath,
Destination: "/dev/mqueue",
Writable: true,
Private: true,
})
}
return mounts return mounts
} }
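Review bot: `hasMountFor` has no doc comment, and the guards built on it in `setupIpcDirs`, `unmountIpcMounts` and `ipcMounts` rest on two things the code does not state. It is an exact-key lookup in `container.MountPoints`, so it only works if the keys are cleaned destination paths; if a destination could be stored as `/dev/shm/`, the default tmpfs would still be set up alongside the user's mount. That normalisation is not visible in these hunks and should be confirmed where the map is populated. When the lookup does match, the `MS_NOEXEC|MS_NOSUID|MS_NODEV` flags and the mount label passed to `syscall.Mount` in `setupIpcDirs` are skipped, so the user-supplied mount carries whatever options it was given. I would add `// hasMountFor reports whether the user configured a mount at exactly path (MountPoints keys are assumed to be cleaned destinations); callers skip the default noexec/nosuid/nodev IPC mount when it returns true.` above the function.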