summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorNicolas Lacasse <nlacasse@google.com>2018-12-17 13:45:59 -0800
committerShentubot <shentubot@google.com>2018-12-17 13:46:57 -0800
commitd3ae74d2a5f5933981abeae10e676a2f0cccf67e (patch)
treef0fe92c205c75f3e2904aecc067cb3dc11ddf1b9
parentf7e8dc57c526cb62575ebf7a5a541eda2af533ca (diff)
overlayBoundEndpoint must be recursive if there is an overlay in the lower.
The old overlayBoundEndpoint assumed that the lower is not an overlay. It should check if the lower is an overlay and handle that case. PiperOrigin-RevId: 225882303 Change-Id: I60660c587d91db2826e0719da0983ec8ad024cb8
-rw-r--r--pkg/sentry/fs/inode_overlay.go8
1 files changed, 6 insertions, 2 deletions
diff --git a/pkg/sentry/fs/inode_overlay.go b/pkg/sentry/fs/inode_overlay.go
index 78923fb5b..512a0da28 100644
--- a/pkg/sentry/fs/inode_overlay.go
+++ b/pkg/sentry/fs/inode_overlay.go
@@ -390,8 +390,12 @@ func overlayBoundEndpoint(o *overlayEntry, path string) transport.BoundEndpoint
if o.upper != nil {
return o.upper.InodeOperations.BoundEndpoint(o.upper, path)
}
- // If a socket is already in the lower file system, allow connections
- // to it.
+
+ // If the lower is itself an overlay, recurse.
+ if o.lower.overlay != nil {
+ return overlayBoundEndpoint(o.lower.overlay, path)
+ }
+ // Lower is not an overlay. Call BoundEndpoint directly.
return o.lower.InodeOperations.BoundEndpoint(o.lower, path)
}