Revert "SUSE: implement SUSE container secrets"

This reverts commit 14cc629.
projectatomic · Nov 17, 2017 · 97d36c3 · 97d36c3
1 parent 9099cbb
commit 97d36c3
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 268 deletions.
diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go
@@ -177,6 +177,10 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
 		}
 
 		targetPath := filepath.Clean(s.File.Name)
+		// ensure that the target is a filename only; no paths allowed
+		if targetPath != filepath.Base(targetPath) {
+			return fmt.Errorf("error creating secret: secret must not be a path")
+		}
 
 		fPath := filepath.Join(localMountPath, targetPath)
 		if err := idtools.MkdirAllAs(filepath.Dir(fPath), 0700, rootUID, rootGID); err != nil {
@@ -215,8 +219,6 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
 		}
 	}
 
-	label.Relabel(localMountPath, c.MountLabel, false)
-
 	// remount secrets ro
 	if err := mount.Mount("tmpfs", localMountPath, "tmpfs", "remount,ro,"+tmpfsOwnership); err != nil {
 		return errors.Wrap(err, "unable to remount secret dir as readonly")

diff --git a/daemon/start.go b/daemon/start.go
@@ -146,13 +146,6 @@ func (daemon *Daemon) containerStart(container *container.Container, checkpoint
 		return err
 	}
 
-	if daemon.configStore.EnableSecrets {
-		// SUSE:secrets -- inject the SUSE secret store
-		if err := daemon.injectSuseSecretStore(container); err != nil {
-			return err
-		}
-	}
-
 	spec, err := daemon.createSpec(container)
 	if err != nil {
 		return err

diff --git a/daemon/suse_secrets.go b/daemon/suse_secrets.go