kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

do not mount /dev/shm or /dev/mqueue if we are mounting from the host

Browse source 
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
This commit is contained in:
Jessica Frazelle 2015-10-01 14:28:27 -07:00
parent 970bc4b5c1
commit b8605a1107
No known key found for this signature in database
GPG key ID: 18F3685C0022BFF3
1 changed files with 70 additions and 50 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
daemon/container_unix.go
View file

@ -1237,7 +1237,13 @@ func (container *Container) mqueuePath() (string, error) {
return container.getRootResourcePath("mqueue")
}
func (container *Container) hasMountFor(path string) bool {
_, exists := container.MountPoints[path]
return exists
}
func (container *Container) setupIpcDirs() error {
if !container.hasMountFor("/dev/shm") {
shmPath, err := container.shmPath()
if err != nil {
return err
@ -1250,7 +1256,9 @@ func (container *Container) setupIpcDirs() error {
if err := syscall.Mount("shm", shmPath, "tmpfs", uintptr(syscall.MS_NOEXEC|syscall.MS_NOSUID|syscall.MS_NODEV), label.FormatMountLabel("mode=1777,size=65536k", container.getMountLabel())); err != nil {
return fmt.Errorf("mounting shm tmpfs: %s", err)
}
}
if !container.hasMountFor("/dev/mqueue") {
mqueuePath, err := container.mqueuePath()
if err != nil {
return err
@ -1263,6 +1271,7 @@ func (container *Container) setupIpcDirs() error {
if err := syscall.Mount("mqueue", mqueuePath, "mqueue", uintptr(syscall.MS_NOEXEC|syscall.MS_NOSUID|syscall.MS_NODEV), ""); err != nil {
return fmt.Errorf("mounting mqueue mqueue : %s", err)
}
}
return nil
}
@ -1273,6 +1282,8 @@ func (container *Container) unmountIpcMounts() error {
}
var errors []string
if !container.hasMountFor("/dev/shm") {
shmPath, err := container.shmPath()
if err != nil {
logrus.Error(err)
@ -1284,7 +1295,9 @@ func (container *Container) unmountIpcMounts() error {
}
}
}
if !container.hasMountFor("/dev/mqueue") {
mqueuePath, err := container.mqueuePath()
if err != nil {
logrus.Error(err)
@ -1295,6 +1308,7 @@ func (container *Container) unmountIpcMounts() error {
errors = append(errors, err.Error())
}
}
}
if len(errors) > 0 {
return fmt.Errorf("failed to cleanup ipc mounts:\n%v", strings.Join(errors, "\n"))
@ -1305,6 +1319,8 @@ func (container *Container) unmountIpcMounts() error {
func (container *Container) ipcMounts() []execdriver.Mount {
var mounts []execdriver.Mount
if !container.hasMountFor("/dev/shm") {
label.SetFileLabel(container.ShmPath, container.MountLabel)
mounts = append(mounts, execdriver.Mount{
Source: container.ShmPath,
@ -1312,6 +1328,9 @@ func (container *Container) ipcMounts() []execdriver.Mount {
Writable: true,
Private: true,
})
}
if !container.hasMountFor("/dev/mqueue") {
label.SetFileLabel(container.MqueuePath, container.MountLabel)
mounts = append(mounts, execdriver.Mount{
Source: container.MqueuePath,
@ -1319,6 +1338,7 @@ func (container *Container) ipcMounts() []execdriver.Mount {
Writable: true,
Private: true,
})
}
return mounts
}