make pathWithinBase public

pkg/util/mount/mount.go

@@ -331,8 +331,8 @@ func HasMountRefs(mountPath string, mountRefs []string) bool {
 	return count > 0
 }
 
-// pathWithinBase checks if give path is within given base directory.
-func pathWithinBase(fullPath, basePath string) bool {
+// PathWithinBase checks if give path is within given base directory.
+func PathWithinBase(fullPath, basePath string) bool {
 	rel, err := filepath.Rel(basePath, fullPath)
 	if err != nil {
 		return false

pkg/util/mount/mount_linux.go

@@ -665,7 +665,7 @@ func findMountInfo(path, mountInfoPath string) (mountInfo, error) {
 	// point that is prefix of 'path' - that's the mount where path resides
 	var info *mountInfo
 	for i := len(infos) - 1; i >= 0; i-- {
-		if pathWithinBase(path, infos[i].mountPoint) {
+		if PathWithinBase(path, infos[i].mountPoint) {
 			info = &infos[i]
 			break
 		}
@@ -736,7 +736,7 @@ func (mounter *Mounter) PrepareSafeSubpath(subPath Subpath) (newHostPath string,
 
 // This implementation is shared between Linux and NsEnterMounter
 func safeOpenSubPath(mounter Interface, subpath Subpath) (int, error) {
-	if !pathWithinBase(subpath.Path, subpath.VolumePath) {
+	if !PathWithinBase(subpath.Path, subpath.VolumePath) {
 		return -1, fmt.Errorf("subpath %q not within volume path %q", subpath.Path, subpath.VolumePath)
 	}
 	fd, err := doSafeOpen(subpath.Path, subpath.VolumePath)
@@ -964,7 +964,7 @@ func cleanSubPath(mounter Interface, subpath Subpath) error {
 // removeEmptyDirs works backwards from endDir to baseDir and removes each directory
 // if it is empty.  It stops once it encounters a directory that has content
 func removeEmptyDirs(baseDir, endDir string) error {
-	if !pathWithinBase(endDir, baseDir) {
+	if !PathWithinBase(endDir, baseDir) {
 		return fmt.Errorf("endDir %q is not within baseDir %q", endDir, baseDir)
 	}
 
@@ -1052,7 +1052,7 @@ func getMode(pathname string) (os.FileMode, error) {
 func doSafeMakeDir(pathname string, base string, perm os.FileMode) error {
 	glog.V(4).Infof("Creating directory %q within base %q", pathname, base)
 
-	if !pathWithinBase(pathname, base) {
+	if !PathWithinBase(pathname, base) {
 		return fmt.Errorf("path %s is outside of allowed base %s", pathname, base)
 	}
 
@@ -1079,7 +1079,7 @@ func doSafeMakeDir(pathname string, base string, perm os.FileMode) error {
 	if err != nil {
 		return fmt.Errorf("error opening directory %s: %s", existingPath, err)
 	}
-	if !pathWithinBase(fullExistingPath, base) {
+	if !PathWithinBase(fullExistingPath, base) {
 		return fmt.Errorf("path %s is outside of allowed base %s", fullExistingPath, err)
 	}
 
@@ -1241,7 +1241,7 @@ func doSafeOpen(pathname string, base string) (int, error) {
 	// sure the user cannot change already existing directories into symlinks.
 	for _, seg := range segments {
 		currentPath = filepath.Join(currentPath, seg)
-		if !pathWithinBase(currentPath, base) {
+		if !PathWithinBase(currentPath, base) {
 			return -1, fmt.Errorf("path %s is outside of allowed base %s", currentPath, base)
 		}
 
@@ -1298,7 +1298,7 @@ func searchMountPoints(hostSource, mountInfoPath string) ([]string, error) {
 	// We need search in backward order because it's possible for later mounts
 	// to overlap earlier mounts.
 	for i := len(mis) - 1; i >= 0; i-- {
-		if hostSource == mis[i].mountPoint || pathWithinBase(hostSource, mis[i].mountPoint) {
+		if hostSource == mis[i].mountPoint || PathWithinBase(hostSource, mis[i].mountPoint) {
 			// If it's a mount point or path under a mount point.
 			mountID = mis[i].id
 			rootPath = filepath.Join(mis[i].root, strings.TrimPrefix(hostSource, mis[i].mountPoint))

pkg/util/mount/mount_linux_test.go

@@ -413,7 +413,7 @@ func TestPathWithinBase(t *testing.T) {
 		},
 	}
 	for _, test := range tests {
-		if pathWithinBase(test.fullPath, test.basePath) != test.expected {
+		if PathWithinBase(test.fullPath, test.basePath) != test.expected {
 			t.Errorf("test %q failed: expected %v", test.name, test.expected)
 		}
 

pkg/util/mount/mount_windows.go

@@ -309,7 +309,7 @@ func lockAndCheckSubPathWithoutSymlink(volumePath, subPath string) ([]uintptr, e
 			break
 		}
 
-		if !pathWithinBase(currentFullPath, volumePath) {
+		if !PathWithinBase(currentFullPath, volumePath) {
 			errorResult = fmt.Errorf("SubPath %q not within volume path %q", currentFullPath, volumePath)
 			break
 		}
@@ -499,7 +499,7 @@ func (mounter *Mounter) SafeMakeDir(subdir string, base string, perm os.FileMode
 func doSafeMakeDir(pathname string, base string, perm os.FileMode) error {
 	glog.V(4).Infof("Creating directory %q within base %q", pathname, base)
 
-	if !pathWithinBase(pathname, base) {
+	if !PathWithinBase(pathname, base) {
 		return fmt.Errorf("path %s is outside of allowed base %s", pathname, base)
 	}
 
@@ -534,7 +534,7 @@ func doSafeMakeDir(pathname string, base string, perm os.FileMode) error {
 	if err != nil {
 		return fmt.Errorf("cannot read link %s: %s", base, err)
 	}
-	if !pathWithinBase(fullExistingPath, fullBasePath) {
+	if !PathWithinBase(fullExistingPath, fullBasePath) {
 		return fmt.Errorf("path %s is outside of allowed base %s", fullExistingPath, err)
 	}
 

pkg/util/mount/mount_windows_test.go

@@ -576,8 +576,8 @@ func TestPathWithinBase(t *testing.T) {
 	}
 
 	for _, test := range tests {
-		result := pathWithinBase(test.fullPath, test.basePath)
-		assert.Equal(t, result, test.expectedResult, "Expect result not equal with pathWithinBase(%s, %s) return: %q, expected: %q",
+		result := PathWithinBase(test.fullPath, test.basePath)
+		assert.Equal(t, result, test.expectedResult, "Expect result not equal with PathWithinBase(%s, %s) return: %q, expected: %q",
 			test.fullPath, test.basePath, result, test.expectedResult)
 	}
 }

pkg/util/mount/nsenter_mount.go

@@ -320,7 +320,7 @@ func (mounter *NsenterMounter) SafeMakeDir(subdir string, base string, perm os.F
 	evaluatedBase = filepath.Clean(evaluatedBase)
 
 	rootDir := filepath.Clean(mounter.rootDir)
-	if pathWithinBase(evaluatedBase, rootDir) {
+	if PathWithinBase(evaluatedBase, rootDir) {
 		// Base is in /var/lib/kubelet. This directory is shared between the
 		// container with kubelet and the host. We don't need to add '/rootfs'.
 		// This is useful when /rootfs is mounted as read-only - we can still