Skip to content
This repository has been archived by the owner on Oct 13, 2023. It is now read-only.

[17.06.1] Backport engine userns secrets-mounting fix #121

Merged
merged 1 commit into from
Jul 24, 2017
Merged

[17.06.1] Backport engine userns secrets-mounting fix #121

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions components/engine/pkg/mount/mounter_linux.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,8 +29,9 @@ func isremount(device string, flags uintptr) bool {

func mount(device, target, mType string, flags uintptr, data string) error {
oflags := flags &^ ptypes
if !isremount(device, flags) {
// Initial call applying all non-propagation flags.
if !isremount(device, flags) || data != "" {
// Initial call applying all non-propagation flags for mount
// or remount with changed data
if err := syscall.Mount(device, target, mType, oflags, data); err != nil {
return err
}
Expand Down
71 changes: 52 additions & 19 deletions components/engine/pkg/mount/mounter_linux_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ func TestMount(t *testing.T) {
t.Fatal(err)
}
defer ensureUnmount(t, source)
validateMount(t, source, "", "")
validateMount(t, source, "", "", "")
if t.Failed() {
t.FailNow()
}
Expand All @@ -43,27 +43,31 @@ func TestMount(t *testing.T) {
options string
expectedOpts string
expectedOptional string
expectedVFS string
}{
// No options
{"tmpfs", "tmpfs", "", "", ""},
{"tmpfs", "tmpfs", "", "", "", ""},
// Default rw / ro test
{source, "", "bind", "", ""},
{source, "", "bind,private", "", ""},
{source, "", "bind,shared", "", "shared"},
{source, "", "bind,slave", "", "master"},
{source, "", "bind,unbindable", "", "unbindable"},
{source, "", "bind", "", "", ""},
{source, "", "bind,private", "", "", ""},
{source, "", "bind,shared", "", "shared", ""},
{source, "", "bind,slave", "", "master", ""},
{source, "", "bind,unbindable", "", "unbindable", ""},
// Read Write tests
{source, "", "bind,rw", "rw", ""},
{source, "", "bind,rw,private", "rw", ""},
{source, "", "bind,rw,shared", "rw", "shared"},
{source, "", "bind,rw,slave", "rw", "master"},
{source, "", "bind,rw,unbindable", "rw", "unbindable"},
{source, "", "bind,rw", "rw", "", ""},
{source, "", "bind,rw,private", "rw", "", ""},
{source, "", "bind,rw,shared", "rw", "shared", ""},
{source, "", "bind,rw,slave", "rw", "master", ""},
{source, "", "bind,rw,unbindable", "rw", "unbindable", ""},
// Read Only tests
{source, "", "bind,ro", "ro", ""},
{source, "", "bind,ro,private", "ro", ""},
{source, "", "bind,ro,shared", "ro", "shared"},
{source, "", "bind,ro,slave", "ro", "master"},
{source, "", "bind,ro,unbindable", "ro", "unbindable"},
{source, "", "bind,ro", "ro", "", ""},
{source, "", "bind,ro,private", "ro", "", ""},
{source, "", "bind,ro,shared", "ro", "shared", ""},
{source, "", "bind,ro,slave", "ro", "master", ""},
{source, "", "bind,ro,unbindable", "ro", "unbindable", ""},
// Remount tests to change per filesystem options
{"", "", "remount,size=128k", "rw", "", "rw,size=128k"},
{"", "", "remount,ro,size=128k", "ro", "", "ro,size=128k"},
}

for _, tc := range tests {
Expand All @@ -87,11 +91,17 @@ func TestMount(t *testing.T) {
}
}()
}
if strings.Contains(tc.options, "remount") {
// create a new mount to remount first
if err := Mount("tmpfs", target, "tmpfs", ""); err != nil {
t.Fatal(err)
}
}
if err := Mount(tc.source, target, tc.ftype, tc.options); err != nil {
t.Fatal(err)
}
defer ensureUnmount(t, target)
validateMount(t, target, tc.expectedOpts, tc.expectedOptional)
validateMount(t, target, tc.expectedOpts, tc.expectedOptional, tc.expectedVFS)
})
}
}
Expand All @@ -104,7 +114,7 @@ func ensureUnmount(t *testing.T, mnt string) {
}

// validateMount checks that mnt has the given options
func validateMount(t *testing.T, mnt string, opts, optional string) {
func validateMount(t *testing.T, mnt string, opts, optional, vfs string) {
info, err := GetMounts()
if err != nil {
t.Fatal(err)
Expand All @@ -124,6 +134,13 @@ func validateMount(t *testing.T, mnt string, opts, optional string) {
}
}

wantedVFS := make(map[string]struct{})
if vfs != "" {
for _, opt := range strings.Split(vfs, ",") {
wantedVFS[opt] = struct{}{}
}
}

mnts := make(map[int]*Info, len(info))
for _, mi := range info {
mnts[mi.ID] = mi
Expand Down Expand Up @@ -177,6 +194,22 @@ func validateMount(t *testing.T, mnt string, opts, optional string) {
t.Errorf("missing optional field %q found %q", field, mi.Optional)
}

// Validate VFS if set
if vfs != "" {
if mi.VfsOpts != "" {
for _, opt := range strings.Split(mi.VfsOpts, ",") {
opt = clean(opt)
if !has(wantedVFS, opt) {
t.Errorf("unexpected mount option %q expected %q", opt, vfs)
}
delete(wantedVFS, opt)
}
}
for opt := range wantedVFS {
t.Errorf("missing mount option %q found %q", opt, mi.VfsOpts)
}
}

return
}

Expand Down