mirror of
https://github.com/containers/podman.git
synced 2025-07-15 03:02:52 +08:00
Allow (but ignore) Cached and Delegated volume options
These are only used on OS X Docker, and ignored elsewhere - but since they are ignored, they're guaranteed to be safe everywhere, and people are using them. Fixes: #3340 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This commit is contained in:
Matthew Heon
@ -251,9 +251,11 @@ func (config *CreateConfig) getVolumesFrom(runtime *libpod.Runtime) (map[string]
|
||||
return nil, nil, errors.Errorf("invalid options %q, can only specify 'ro', 'rw', and 'z", splitVol[1])
|
||||
}
|
||||
options = strings.Split(splitVol[1], ",")
|
||||
if err := ValidateVolumeOpts(options); err != nil {
|
||||
opts, err := ValidateVolumeOpts(options)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
options = opts
|
||||
}
|
||||
ctr, err := runtime.LookupContainer(splitVol[0])
|
||||
if err != nil {
|
||||
@ -447,9 +449,11 @@ func getBindMount(args []string) (spec.Mount, error) {
|
||||
newMount.Source = newMount.Destination
|
||||
}
|
||||
|
||||
if err := ValidateVolumeOpts(newMount.Options); err != nil {
|
||||
opts, err := ValidateVolumeOpts(newMount.Options)
|
||||
if err != nil {
|
||||
return newMount, err
|
||||
}
|
||||
newMount.Options = opts
|
||||
|
||||
return newMount, nil
|
||||
}
|
||||
@ -575,35 +579,52 @@ func ValidateVolumeCtrDir(ctrDir string) error {
|
||||
}
|
||||
|
||||
// ValidateVolumeOpts validates a volume's options
|
||||
func ValidateVolumeOpts(options []string) error {
|
||||
func ValidateVolumeOpts(options []string) ([]string, error) {
|
||||
var foundRootPropagation, foundRWRO, foundLabelChange, bindType int
|
||||
finalOpts := make([]string, 0, len(options))
|
||||
discardOpts := []string{"cached", "delegated"}
|
||||
for _, opt := range options {
|
||||
// The discarded ops are OS X specific volume options introduced
|
||||
// in a recent Docker version.
|
||||
// They have no meaning on Linux, so here we silently drop them.
|
||||
// This matches Docker's behavior (the options are intended to
|
||||
// be always safe to use, even not on OS X).
|
||||
bad := false
|
||||
for _, discard := range discardOpts {
|
||||
if opt == discard {
|
||||
bad = true
|
||||
}
|
||||
}
|
||||
if bad {
|
||||
continue
|
||||
}
|
||||
switch opt {
|
||||
case "rw", "ro":
|
||||
foundRWRO++
|
||||
if foundRWRO > 1 {
|
||||
return errors.Errorf("invalid options %q, can only specify 1 'rw' or 'ro' option", strings.Join(options, ", "))
|
||||
return nil, errors.Errorf("invalid options %q, can only specify 1 'rw' or 'ro' option", strings.Join(options, ", "))
|
||||
}
|
||||
case "z", "Z":
|
||||
foundLabelChange++
|
||||
if foundLabelChange > 1 {
|
||||
return errors.Errorf("invalid options %q, can only specify 1 'z' or 'Z' option", strings.Join(options, ", "))
|
||||
return nil, errors.Errorf("invalid options %q, can only specify 1 'z' or 'Z' option", strings.Join(options, ", "))
|
||||
}
|
||||
case "private", "rprivate", "shared", "rshared", "slave", "rslave":
|
||||
foundRootPropagation++
|
||||
if foundRootPropagation > 1 {
|
||||
return errors.Errorf("invalid options %q, can only specify 1 '[r]shared', '[r]private' or '[r]slave' option", strings.Join(options, ", "))
|
||||
return nil, errors.Errorf("invalid options %q, can only specify 1 '[r]shared', '[r]private' or '[r]slave' option", strings.Join(options, ", "))
|
||||
}
|
||||
case "bind", "rbind":
|
||||
bindType++
|
||||
if bindType > 1 {
|
||||
return errors.Errorf("invalid options %q, can only specify 1 '[r]bind' option", strings.Join(options, ", "))
|
||||
return nil, errors.Errorf("invalid options %q, can only specify 1 '[r]bind' option", strings.Join(options, ", "))
|
||||
}
|
||||
default:
|
||||
return errors.Errorf("invalid option type %q", opt)
|
||||
return nil, errors.Errorf("invalid mount option %q", opt)
|
||||
}
|
||||
finalOpts = append(finalOpts, opt)
|
||||
}
|
||||
return nil
|
||||
return finalOpts, nil
|
||||
}
|
||||
|
||||
// GetVolumeMounts takes user provided input for bind mounts and creates Mount structs
|
||||
@ -633,9 +654,11 @@ func (config *CreateConfig) getVolumeMounts() (map[string]spec.Mount, map[string
|
||||
}
|
||||
if len(splitVol) > 2 {
|
||||
options = strings.Split(splitVol[2], ",")
|
||||
if err := ValidateVolumeOpts(options); err != nil {
|
||||
opts, err := ValidateVolumeOpts(options)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
options = opts
|
||||
}
|
||||
|
||||
if err := ValidateVolumeHostDir(src); err != nil {
|
||||
|
||||
@ -20,26 +20,22 @@ func ProcessOptions(options []string) []string {
|
||||
foundbind, foundrw, foundro bool
|
||||
rootProp string
|
||||
)
|
||||
|
||||
for _, opt := range options {
|
||||
switch opt {
|
||||
case "bind", "rbind":
|
||||
foundbind = true
|
||||
break
|
||||
case "ro":
|
||||
foundro = true
|
||||
case "rw":
|
||||
foundrw = true
|
||||
case "private", "rprivate", "slave", "rslave", "shared", "rshared":
|
||||
rootProp = opt
|
||||
}
|
||||
}
|
||||
if !foundbind {
|
||||
options = append(options, "rbind")
|
||||
}
|
||||
for _, opt := range options {
|
||||
switch opt {
|
||||
case "rw":
|
||||
foundrw = true
|
||||
case "ro":
|
||||
foundro = true
|
||||
case "private", "rprivate", "slave", "rslave", "shared", "rshared":
|
||||
rootProp = opt
|
||||
}
|
||||
}
|
||||
if !foundrw && !foundro {
|
||||
options = append(options, "rw")
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user