Browse code
libcontainer: Ensure bind mount target files are inside rootfs
Before we create any files to bind-mount on, make sure they are
inside the container rootfs, handling for instance absolute symbolic
links inside the container.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Alexander Larsson authored on 2014/05/13 22:42:21Showing 1 changed files
| ... | ... |
@@ -12,6 +12,7 @@ import ( |
| 12 | 12 |
"github.com/dotcloud/docker/pkg/libcontainer" |
| 13 | 13 |
"github.com/dotcloud/docker/pkg/libcontainer/mount/nodes" |
| 14 | 14 |
"github.com/dotcloud/docker/pkg/system" |
| 15 |
+ "github.com/dotcloud/docker/utils" |
|
| 15 | 16 |
) |
| 16 | 17 |
|
| 17 | 18 |
// default mount point flags |
| ... | ... |
@@ -127,6 +128,12 @@ func setupBindmounts(rootfs string, bindMounts libcontainer.Mounts) error {
|
| 127 | 127 |
if err != nil {
|
| 128 | 128 |
return err |
| 129 | 129 |
} |
| 130 |
+ |
|
| 131 |
+ dest, err = utils.FollowSymlinkInScope(dest, rootfs) |
|
| 132 |
+ if err != nil {
|
|
| 133 |
+ return err |
|
| 134 |
+ } |
|
| 135 |
+ |
|
| 130 | 136 |
if err := createIfNotExists(dest, stat.IsDir()); err != nil {
|
| 131 | 137 |
return fmt.Errorf("Creating new bind-mount target, %s", err)
|
| 132 | 138 |
} |