github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-06-30 17:22:33 +00:00
Code Issues Projects Releases Wiki Activity

mounts: fix isSystemMount check for mountSharedDirMounts

Browse Source 
This change updates the isSystemMount check for mountSharedDirMounts
when setting up shared directory mounts for the container and uses
the source of the mount instead of the destination for the check.

We want to exclude system mounts from the host side as they
shouldn't be mounted into the container.

We do however want to allow system mounts within the
container as denying them can prevent some containers from
running properly.

Fixes #1591

Signed-off-by: Alex Price <aprice@atlassian.com>
This commit is contained in:
Alex Price 2019-05-03 12:10:28 +10:00
parent 570eff653f
commit 709feac057
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
virtcontainers/container.go
View File

@ -515,10 +515,11 @@ func (c *Container) mountSharedDirMounts(hostSharedDir, guestSharedDir string) (
var sharedDirMounts []Mount
var ignoredMounts []Mount
for idx, m := range c.mounts {
if isSystemMount(m.Destination) {
if !(IsDockerVolume(m.Source) || Isk8sHostEmptyDir(m.Source)) {
continue
}
// Skip mounting certain system paths from the source on the host side
// into the container as it does not make sense to do so.
// Example sources could be /sys/fs/cgroup etc.
if isSystemMount(m.Source) {
continue
}
if m.Type != "bind" {