Browse code
Swarm config: use absolute paths for mount destination strings
Needed for runc >= 1.0.0-rc94.
See runc issue 2928.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 930337624250945472001136e7bcb8e5b102bb87)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Akihiro Suda authored on 2021/05/02 04:41:34Showing 3 changed files
| ... | ... |
@@ -716,6 +716,17 @@ func getSecretTargetPath(r *swarmtypes.SecretReference) string {
|
| 716 | 716 |
return filepath.Join(containerSecretMountPath, r.File.Name) |
| 717 | 717 |
} |
| 718 | 718 |
|
| 719 |
+// getConfigTargetPath makes sure that config paths inside the container are |
|
| 720 |
+// absolute, as required by the runtime spec, and enforced by runc >= 1.0.0-rc94. |
|
| 721 |
+// see https://github.com/opencontainers/runc/issues/2928 |
|
| 722 |
+func getConfigTargetPath(r *swarmtypes.ConfigReference) string {
|
|
| 723 |
+ if filepath.IsAbs(r.File.Name) {
|
|
| 724 |
+ return r.File.Name |
|
| 725 |
+ } |
|
| 726 |
+ |
|
| 727 |
+ return filepath.Join(containerConfigMountPath, r.File.Name) |
|
| 728 |
+} |
|
| 729 |
+ |
|
| 719 | 730 |
// CreateDaemonEnvironment creates a new environment variable slice for this container. |
| 720 | 731 |
func (container *Container) CreateDaemonEnvironment(tty bool, linkedEnv []string) []string {
|
| 721 | 732 |
// Setup environment |
| ... | ... |
@@ -27,6 +27,7 @@ const ( |
| 27 | 27 |
// for the graceful container stop before forcefully terminating it. |
| 28 | 28 |
DefaultStopTimeout = 10 |
| 29 | 29 |
|
| 30 |
+ containerConfigMountPath = "/" |
|
| 30 | 31 |
containerSecretMountPath = "/run/secrets" |
| 31 | 32 |
) |
| 32 | 33 |
|
| ... | ... |
@@ -242,7 +243,7 @@ func (container *Container) SecretMounts() ([]Mount, error) {
|
| 242 | 242 |
} |
| 243 | 243 |
mounts = append(mounts, Mount{
|
| 244 | 244 |
Source: fPath, |
| 245 |
- Destination: r.File.Name, |
|
| 245 |
+ Destination: getConfigTargetPath(r), |
|
| 246 | 246 |
Writable: false, |
| 247 | 247 |
}) |
| 248 | 248 |
} |
| ... | ... |
@@ -12,6 +12,7 @@ import ( |
| 12 | 12 |
) |
| 13 | 13 |
|
| 14 | 14 |
const ( |
| 15 |
+ containerConfigMountPath = `C:\` |
|
| 15 | 16 |
containerSecretMountPath = `C:\ProgramData\Docker\secrets` |
| 16 | 17 |
containerInternalSecretMountPath = `C:\ProgramData\Docker\internal\secrets` |
| 17 | 18 |
containerInternalConfigsDirPath = `C:\ProgramData\Docker\internal\configs` |
| ... | ... |
@@ -87,7 +88,7 @@ func (container *Container) CreateConfigSymlinks() error {
|
| 87 | 87 |
if configRef.File == nil {
|
| 88 | 88 |
continue |
| 89 | 89 |
} |
| 90 |
- resolvedPath, _, err := container.ResolvePath(configRef.File.Name) |
|
| 90 |
+ resolvedPath, _, err := container.ResolvePath(getConfigTargetPath(configRef)) |
|
| 91 | 91 |
if err != nil {
|
| 92 | 92 |
return err |
| 93 | 93 |
} |