github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Fix usages of mountinfo.PrefixFilter

Browse Source 
It says: The prefix path **must be absolute, have all symlinks resolved, and cleaned**. But those requirements are violated in lots of places.

What happens when it is given a non-canonicalized path is that `mountinfo.GetMounts` will not find mounts.

The trivial case is:
```
$ mkdir a && ln -s a b && mkdir b/c b/d && mount --bind b/c b/d && cat /proc/mounts | grep -- '[ab]/d'
/dev/sdd3 /home/user/a/d ext4 rw,noatime,discard 0 0
```
We asked to bind-mount b/c to b/d, but ended up with mount in a/d.
So, mount table always contains canonicalized mount points, and it is an error to look for non-canonicalized paths in it.

Signed-off-by: Marat Radchenko <marat@slonopotamus.org>
This commit is contained in:
Marat Radchenko
2023-09-04 12:39:47 +03:00
parent d015c99b2e
commit d94a789d15
7 changed files with 41 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/cri/sbserver/helpers_linux.go
View File

@@ -65,6 +65,11 @@ func openLogFile(path string) (*os.File, error) {
// unmountRecursive unmounts the target and all mounts underneath, starting with
// the deepest mount first.
func unmountRecursive(ctx context.Context, target string) error {
target, err := mount.CanonicalizePath(target)
if err != nil {
return err
}
toUnmount, err := mountinfo.GetMounts(mountinfo.PrefixFilter(target))
if err != nil {
return err

5
pkg/cri/sbserver/podsandbox/helpers_linux.go
View File

@@ -143,6 +143,11 @@ func (c *Controller) seccompEnabled() bool {
// unmountRecursive unmounts the target and all mounts underneath, starting with
// the deepest mount first.
func unmountRecursive(ctx context.Context, target string) error {
target, err := mount.CanonicalizePath(target)
if err != nil {
return err
}
toUnmount, err := mountinfo.GetMounts(mountinfo.PrefixFilter(target))
if err != nil {
return err

5
pkg/cri/server/helpers_linux.go
View File

@@ -164,6 +164,11 @@ func openLogFile(path string) (*os.File, error) {
// unmountRecursive unmounts the target and all mounts underneath, starting with
// the deepest mount first.
func unmountRecursive(ctx context.Context, target string) error {
target, err := mount.CanonicalizePath(target)
if err != nil {
return err
}
toUnmount, err := mountinfo.GetMounts(mountinfo.PrefixFilter(target))
if err != nil {
return err