Merge pull request opencontainers#1832 from giuseppe/runc-drop-invalid-proc-destination-with-chroot

Mrunal Patel · web-flow · commit 9cda583235b0 · 2018-09-04T09:26:21.000-07:00
linux: drop check for /proc as invalid dest
diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
@@ -438,7 +438,7 @@ func checkMountDestination(rootfs, dest string) error {
 		if err != nil {
 			return err
 		}
-		if path == "." || !strings.HasPrefix(path, "..") {
+		if path != "." && !strings.HasPrefix(path, "..") {
 			return fmt.Errorf("%q cannot be mounted because it is located inside %q", dest, invalid)
 		}
 	}
diff --git a/libcontainer/rootfs_linux_test.go b/libcontainer/rootfs_linux_test.go
@@ -9,13 +9,21 @@ import (
 )
 
 func TestCheckMountDestOnProc(t *testing.T) {
-	dest := "/rootfs/proc/"
+	dest := "/rootfs/proc/sys"
 	err := checkMountDestination("/rootfs", dest)
 	if err == nil {
 		t.Fatal("destination inside proc should return an error")
 	}
 }
 
+func TestCheckMountDestOnProcChroot(t *testing.T) {
+	dest := "/rootfs/proc/"
+	err := checkMountDestination("/rootfs", dest)
+	if err != nil {
+		t.Fatal("destination inside proc when using chroot should not return an error")
+	}
+}
+
 func TestCheckMountDestInSys(t *testing.T) {
 	dest := "/rootfs//sys/fs/cgroup"
 	err := checkMountDestination("/rootfs", dest)

Original file line number	Diff line number	Diff line change
`@@ -438,7 +438,7 @@ func checkMountDestination(rootfs, dest string) error {`
`438`	`438`	`if err != nil {`
`439`	`439`	`return err`
`440`	`440`	`}`
`441`		`- if path == "." \|\| !strings.HasPrefix(path, "..") {`
	`441`	`+ if path != "." && !strings.HasPrefix(path, "..") {`
`442`	`442`	`return fmt.Errorf("%q cannot be mounted because it is located inside %q", dest, invalid)`
`443`	`443`	`}`
`444`	`444`	`}`