opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-05-17 23:26:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

libpod: fix lookup for subpath in volumes

Browse Source 
a subdirectory that is below a mount destination is detected as a
subpath.

Closes: https://github.com/containers/podman/issues/15789

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano
2022-09-14 13:01:43 +02:00
parent 92dc61d5ed
commit 14e5d1c15d
3 changed files with 59 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
libpod/container_path_resolution.go
View File

@ -119,15 +119,29 @@ func findVolume(c *Container, containerPath string) (*Volume, error) {
return nil, nil
}
// isSubDir checks whether path is a subdirectory of root.
func isSubDir(path, root string) bool {
// check if the specified container path is below a bind mount.
rel, err := filepath.Rel(root, path)
if err != nil {
return false
}
return rel != ".." && !strings.HasPrefix(rel, "../")
}
// isPathOnVolume returns true if the specified containerPath is a subdir of any
// Volume's destination.
func isPathOnVolume(c *Container, containerPath string) bool {
cleanedContainerPath := filepath.Clean(containerPath)
for _, vol := range c.config.NamedVolumes {
if cleanedContainerPath == filepath.Clean(vol.Dest) {
cleanedDestination := filepath.Clean(vol.Dest)
if cleanedContainerPath == cleanedDestination {
return true
}
for dest := vol.Dest; dest != "/" && dest != "."; dest = filepath.Dir(dest) {
if isSubDir(cleanedContainerPath, cleanedDestination) {
return true
}
for dest := cleanedDestination; dest != "/" && dest != "."; dest = filepath.Dir(dest) {
if cleanedContainerPath == dest {
return true
}
@ -157,10 +171,14 @@ func findBindMount(c *Container, containerPath string) *specs.Mount {
func isPathOnMount(c *Container, containerPath string) bool {
cleanedContainerPath := filepath.Clean(containerPath)
for _, m := range c.config.Spec.Mounts {
if cleanedContainerPath == filepath.Clean(m.Destination) {
cleanedDestination := filepath.Clean(m.Destination)
if cleanedContainerPath == cleanedDestination {
return true
}
for dest := m.Destination; dest != "/" && dest != "."; dest = filepath.Dir(dest) {
if isSubDir(cleanedContainerPath, cleanedDestination) {
return true
}
for dest := cleanedDestination; dest != "/" && dest != "."; dest = filepath.Dir(dest) {
if cleanedContainerPath == dest {
return true
}