Remove check for binding to /

crosbymichael · crosbymichael · commit 70b16a5ab9a4 · 2016-09-29T15:26:09.000-07:00
In order to mount root filesystems inside the container's mount
namespace as part of the spec we need to have the ability to do a bind
mount to / as the destination.

Signed-off-by: Michael Crosby &lt;crosbymichael@gmail.com&gt;
diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
@@ -306,9 +306,6 @@ func getCgroupMounts(m *configs.Mount) ([]*configs.Mount, error) {
 // checkMountDestination checks to ensure that the mount destination is not over the top of /proc.
 // dest is required to be an abs path and have any symlinks resolved before calling this function.
 func checkMountDestination(rootfs, dest string) error {
-	if libcontainerUtils.CleanPath(rootfs) == libcontainerUtils.CleanPath(dest) {
-		return fmt.Errorf("mounting into / is prohibited")
-	}
 	invalidDestinations := []string{
 		"/proc",
 	}
diff --git a/libcontainer/rootfs_linux_test.go b/libcontainer/rootfs_linux_test.go
@@ -32,14 +32,6 @@ func TestCheckMountDestFalsePositive(t *testing.T) {
 	}
 }
 
-func TestCheckMountRoot(t *testing.T) {
-	dest := "/rootfs"
-	err := checkMountDestination("/rootfs", dest)
-	if err == nil {
-		t.Fatal(err)
-	}
-}
-
 func TestNeedsSetupDev(t *testing.T) {
 	config := &configs.Config{
 		Mounts: []*configs.Mount{

Original file line number	Diff line number	Diff line change
`@@ -32,14 +32,6 @@ func TestCheckMountDestFalsePositive(t *testing.T) {`
`32`	`32`	`}`
`33`	`33`	`}`
`34`	`34`
`35`		`-func TestCheckMountRoot(t *testing.T) {`
`36`		`- dest := "/rootfs"`
`37`		`- err := checkMountDestination("/rootfs", dest)`
`38`		`- if err == nil {`
`39`		`- t.Fatal(err)`
`40`		`- }`
`41`		`-}`
`42`		`-`
`43`	`35`	`func TestNeedsSetupDev(t *testing.T) {`
`44`	`36`	`config := &configs.Config{`
`45`	`37`	`Mounts: []*configs.Mount{`