forked from moby/moby
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
BACKPORT: validate mount path for tmpfs
Upstream reference: moby#30182 Fix https://bugzilla.redhat.com/show_bug.cgi?id=1389545 There was no validation for `docker run --tmpfs foo`. In this PR, only two obvious rules are implemented: - path must be absolute - path must not be "/" We should add more rules carefully. Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
- Loading branch information
1 parent
f07af7d
commit eb54cdd
Showing
3 changed files
with
65 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
// +build !windows | ||
|
||
package main | ||
|
||
import ( | ||
"strings" | ||
|
||
"github.com/go-check/check" | ||
) | ||
|
||
// Test case for #30166 (target was not validated) | ||
func (s *DockerSuite) TestCreateTmpfsMountsTarget(c *check.C) { | ||
testRequires(c, DaemonIsLinux) | ||
type testCase struct { | ||
target string | ||
expectedError string | ||
} | ||
cases := []testCase{ | ||
{ | ||
target: ".", | ||
expectedError: "mount path must be absolute", | ||
}, | ||
{ | ||
target: "foo", | ||
expectedError: "mount path must be absolute", | ||
}, | ||
{ | ||
target: "/", | ||
expectedError: "destination can't be '/'", | ||
}, | ||
{ | ||
target: "//", | ||
expectedError: "destination can't be '/'", | ||
}, | ||
} | ||
for _, x := range cases { | ||
out, _, _ := dockerCmdWithError("create", "--tmpfs", x.target, "busybox", "sh") | ||
if x.expectedError != "" && !strings.Contains(out, x.expectedError) { | ||
c.Fatalf("mounting tmpfs over %q should fail with %q, but got %q", | ||
x.target, x.expectedError, out) | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters