linux: drop check for /proc as invalid dest

giuseppe · giuseppe · commit 636b66402729 · 2018-08-30T09:56:18.000+02:00
it is now allowed to bind mount /proc.  This is useful for rootless
containers when the PID namespace is shared with the host.

Signed-off-by: Giuseppe Scrivano &lt;gscrivan@redhat.com&gt;
diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
@@ -413,7 +413,7 @@ func checkMountDestination(rootfs, dest string) error {
 		if err != nil {
 			return err
 		}
-		if path == "." || !strings.HasPrefix(path, "..") {
+		if path != "." && !strings.HasPrefix(path, "..") {
 			return fmt.Errorf("%q cannot be mounted because it is located inside %q", dest, invalid)
 		}
 	}
diff --git a/libcontainer/rootfs_linux_test.go b/libcontainer/rootfs_linux_test.go
@@ -9,13 +9,21 @@ import (
 )
 
 func TestCheckMountDestOnProc(t *testing.T) {
-	dest := "/rootfs/proc/"
+	dest := "/rootfs/proc/sys"
 	err := checkMountDestination("/rootfs", dest)
 	if err == nil {
 		t.Fatal("destination inside proc should return an error")
 	}
 }
 
+func TestCheckMountDestOnProcChroot(t *testing.T) {
+	dest := "/rootfs/proc/"
+	err := checkMountDestination("/rootfs", dest)
+	if err != nil {
+		t.Fatal("destination inside proc when using chroot should not return an error")
+	}
+}
+
 func TestCheckMountDestInSys(t *testing.T) {
 	dest := "/rootfs//sys/fs/cgroup"
 	err := checkMountDestination("/rootfs", dest)

Original file line number	Diff line number	Diff line change
`@@ -413,7 +413,7 @@ func checkMountDestination(rootfs, dest string) error {`
`413`	`413`	`if err != nil {`
`414`	`414`	`return err`
`415`	`415`	`}`
`416`		`- if path == "." \|\| !strings.HasPrefix(path, "..") {`
	`416`	`+ if path != "." && !strings.HasPrefix(path, "..") {`
`417`	`417`	`return fmt.Errorf("%q cannot be mounted because it is located inside %q", dest, invalid)`
`418`	`418`	`}`
`419`	`419`	`}`