diff options
author | Nicolas Lacasse <nlacasse@google.com> | 2018-12-17 13:45:59 -0800 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-12-17 13:46:57 -0800 |
commit | d3ae74d2a5f5933981abeae10e676a2f0cccf67e (patch) | |
tree | f0fe92c205c75f3e2904aecc067cb3dc11ddf1b9 | |
parent | f7e8dc57c526cb62575ebf7a5a541eda2af533ca (diff) |
overlayBoundEndpoint must be recursive if there is an overlay in the lower.
The old overlayBoundEndpoint assumed that the lower is not an overlay. It
should check if the lower is an overlay and handle that case.
PiperOrigin-RevId: 225882303
Change-Id: I60660c587d91db2826e0719da0983ec8ad024cb8
-rw-r--r-- | pkg/sentry/fs/inode_overlay.go | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/pkg/sentry/fs/inode_overlay.go b/pkg/sentry/fs/inode_overlay.go index 78923fb5b..512a0da28 100644 --- a/pkg/sentry/fs/inode_overlay.go +++ b/pkg/sentry/fs/inode_overlay.go @@ -390,8 +390,12 @@ func overlayBoundEndpoint(o *overlayEntry, path string) transport.BoundEndpoint if o.upper != nil { return o.upper.InodeOperations.BoundEndpoint(o.upper, path) } - // If a socket is already in the lower file system, allow connections - // to it. + + // If the lower is itself an overlay, recurse. + if o.lower.overlay != nil { + return overlayBoundEndpoint(o.lower.overlay, path) + } + // Lower is not an overlay. Call BoundEndpoint directly. return o.lower.InodeOperations.BoundEndpoint(o.lower, path) } |