From 7157d4582b46bc3f6eaf2b5adcdd748c55bc8877 Mon Sep 17 00:00:00 2001 From: NickrenREN Date: Fri, 17 Aug 2018 11:23:00 +0800 Subject: [PATCH] make pathWithinBase public --- pkg/util/mount/mount.go | 4 ++-- pkg/util/mount/mount_linux.go | 14 +++++++------- pkg/util/mount/mount_linux_test.go | 2 +- pkg/util/mount/mount_windows.go | 6 +++--- pkg/util/mount/mount_windows_test.go | 4 ++-- pkg/util/mount/nsenter_mount.go | 2 +- 6 files changed, 16 insertions(+), 16 deletions(-) diff --git a/pkg/util/mount/mount.go b/pkg/util/mount/mount.go index ea9cbe1c690..b48caaffbb6 100644 --- a/pkg/util/mount/mount.go +++ b/pkg/util/mount/mount.go @@ -331,8 +331,8 @@ func HasMountRefs(mountPath string, mountRefs []string) bool { return count > 0 } -// pathWithinBase checks if give path is within given base directory. -func pathWithinBase(fullPath, basePath string) bool { +// PathWithinBase checks if give path is within given base directory. +func PathWithinBase(fullPath, basePath string) bool { rel, err := filepath.Rel(basePath, fullPath) if err != nil { return false diff --git a/pkg/util/mount/mount_linux.go b/pkg/util/mount/mount_linux.go index 33a3cb8e735..6b1c0010442 100644 --- a/pkg/util/mount/mount_linux.go +++ b/pkg/util/mount/mount_linux.go @@ -665,7 +665,7 @@ func findMountInfo(path, mountInfoPath string) (mountInfo, error) { // point that is prefix of 'path' - that's the mount where path resides var info *mountInfo for i := len(infos) - 1; i >= 0; i-- { - if pathWithinBase(path, infos[i].mountPoint) { + if PathWithinBase(path, infos[i].mountPoint) { info = &infos[i] break } @@ -736,7 +736,7 @@ func (mounter *Mounter) PrepareSafeSubpath(subPath Subpath) (newHostPath string, // This implementation is shared between Linux and NsEnterMounter func safeOpenSubPath(mounter Interface, subpath Subpath) (int, error) { - if !pathWithinBase(subpath.Path, subpath.VolumePath) { + if !PathWithinBase(subpath.Path, subpath.VolumePath) { return -1, fmt.Errorf("subpath %q not within volume path %q", subpath.Path, subpath.VolumePath) } fd, err := doSafeOpen(subpath.Path, subpath.VolumePath) @@ -964,7 +964,7 @@ func cleanSubPath(mounter Interface, subpath Subpath) error { // removeEmptyDirs works backwards from endDir to baseDir and removes each directory // if it is empty. It stops once it encounters a directory that has content func removeEmptyDirs(baseDir, endDir string) error { - if !pathWithinBase(endDir, baseDir) { + if !PathWithinBase(endDir, baseDir) { return fmt.Errorf("endDir %q is not within baseDir %q", endDir, baseDir) } @@ -1052,7 +1052,7 @@ func getMode(pathname string) (os.FileMode, error) { func doSafeMakeDir(pathname string, base string, perm os.FileMode) error { glog.V(4).Infof("Creating directory %q within base %q", pathname, base) - if !pathWithinBase(pathname, base) { + if !PathWithinBase(pathname, base) { return fmt.Errorf("path %s is outside of allowed base %s", pathname, base) } @@ -1079,7 +1079,7 @@ func doSafeMakeDir(pathname string, base string, perm os.FileMode) error { if err != nil { return fmt.Errorf("error opening directory %s: %s", existingPath, err) } - if !pathWithinBase(fullExistingPath, base) { + if !PathWithinBase(fullExistingPath, base) { return fmt.Errorf("path %s is outside of allowed base %s", fullExistingPath, err) } @@ -1241,7 +1241,7 @@ func doSafeOpen(pathname string, base string) (int, error) { // sure the user cannot change already existing directories into symlinks. for _, seg := range segments { currentPath = filepath.Join(currentPath, seg) - if !pathWithinBase(currentPath, base) { + if !PathWithinBase(currentPath, base) { return -1, fmt.Errorf("path %s is outside of allowed base %s", currentPath, base) } @@ -1298,7 +1298,7 @@ func searchMountPoints(hostSource, mountInfoPath string) ([]string, error) { // We need search in backward order because it's possible for later mounts // to overlap earlier mounts. for i := len(mis) - 1; i >= 0; i-- { - if hostSource == mis[i].mountPoint || pathWithinBase(hostSource, mis[i].mountPoint) { + if hostSource == mis[i].mountPoint || PathWithinBase(hostSource, mis[i].mountPoint) { // If it's a mount point or path under a mount point. mountID = mis[i].id rootPath = filepath.Join(mis[i].root, strings.TrimPrefix(hostSource, mis[i].mountPoint)) diff --git a/pkg/util/mount/mount_linux_test.go b/pkg/util/mount/mount_linux_test.go index fdcd719e1de..530899d5ab0 100644 --- a/pkg/util/mount/mount_linux_test.go +++ b/pkg/util/mount/mount_linux_test.go @@ -413,7 +413,7 @@ func TestPathWithinBase(t *testing.T) { }, } for _, test := range tests { - if pathWithinBase(test.fullPath, test.basePath) != test.expected { + if PathWithinBase(test.fullPath, test.basePath) != test.expected { t.Errorf("test %q failed: expected %v", test.name, test.expected) } diff --git a/pkg/util/mount/mount_windows.go b/pkg/util/mount/mount_windows.go index a690167a998..b3206d18c1c 100644 --- a/pkg/util/mount/mount_windows.go +++ b/pkg/util/mount/mount_windows.go @@ -309,7 +309,7 @@ func lockAndCheckSubPathWithoutSymlink(volumePath, subPath string) ([]uintptr, e break } - if !pathWithinBase(currentFullPath, volumePath) { + if !PathWithinBase(currentFullPath, volumePath) { errorResult = fmt.Errorf("SubPath %q not within volume path %q", currentFullPath, volumePath) break } @@ -499,7 +499,7 @@ func (mounter *Mounter) SafeMakeDir(subdir string, base string, perm os.FileMode func doSafeMakeDir(pathname string, base string, perm os.FileMode) error { glog.V(4).Infof("Creating directory %q within base %q", pathname, base) - if !pathWithinBase(pathname, base) { + if !PathWithinBase(pathname, base) { return fmt.Errorf("path %s is outside of allowed base %s", pathname, base) } @@ -534,7 +534,7 @@ func doSafeMakeDir(pathname string, base string, perm os.FileMode) error { if err != nil { return fmt.Errorf("cannot read link %s: %s", base, err) } - if !pathWithinBase(fullExistingPath, fullBasePath) { + if !PathWithinBase(fullExistingPath, fullBasePath) { return fmt.Errorf("path %s is outside of allowed base %s", fullExistingPath, err) } diff --git a/pkg/util/mount/mount_windows_test.go b/pkg/util/mount/mount_windows_test.go index c292e9f86bd..f495c889cfc 100644 --- a/pkg/util/mount/mount_windows_test.go +++ b/pkg/util/mount/mount_windows_test.go @@ -576,8 +576,8 @@ func TestPathWithinBase(t *testing.T) { } for _, test := range tests { - result := pathWithinBase(test.fullPath, test.basePath) - assert.Equal(t, result, test.expectedResult, "Expect result not equal with pathWithinBase(%s, %s) return: %q, expected: %q", + result := PathWithinBase(test.fullPath, test.basePath) + assert.Equal(t, result, test.expectedResult, "Expect result not equal with PathWithinBase(%s, %s) return: %q, expected: %q", test.fullPath, test.basePath, result, test.expectedResult) } } diff --git a/pkg/util/mount/nsenter_mount.go b/pkg/util/mount/nsenter_mount.go index bf2dbf630b1..a798defe9bf 100644 --- a/pkg/util/mount/nsenter_mount.go +++ b/pkg/util/mount/nsenter_mount.go @@ -320,7 +320,7 @@ func (mounter *NsenterMounter) SafeMakeDir(subdir string, base string, perm os.F evaluatedBase = filepath.Clean(evaluatedBase) rootDir := filepath.Clean(mounter.rootDir) - if pathWithinBase(evaluatedBase, rootDir) { + if PathWithinBase(evaluatedBase, rootDir) { // Base is in /var/lib/kubelet. This directory is shared between the // container with kubelet and the host. We don't need to add '/rootfs'. // This is useful when /rootfs is mounted as read-only - we can still