overlayBoundEndpoint must be recursive if there is an overlay in the lower.

The old overlayBoundEndpoint assumed that the lower is not an overlay. It should check if the lower is an overlay and handle that case. PiperOrigin-RevId: 225882303 Change-Id: I60660c587d91db2826e0719da0983ec8ad024cb8
author: Nicolas Lacasse <nlacasse@google.com> 2018-12-17 13:45:59 -0800
committer: Shentubot <shentubot@google.com> 2018-12-17 13:46:57 -0800
commit: d3ae74d2a5f5933981abeae10e676a2f0cccf67e (patch)
tree: f0fe92c205c75f3e2904aecc067cb3dc11ddf1b9
parent: f7e8dc57c526cb62575ebf7a5a541eda2af533ca (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/pkg/sentry/fs/inode_overlay.go b/pkg/sentry/fs/inode_overlay.go
index 78923fb5b..512a0da28 100644
--- a/pkg/sentry/fs/inode_overlay.go
+++ b/pkg/sentry/fs/inode_overlay.go
@@ -390,8 +390,12 @@ func overlayBoundEndpoint(o *overlayEntry, path string) transport.BoundEndpoint
 	if o.upper != nil {
 		return o.upper.InodeOperations.BoundEndpoint(o.upper, path)
 	}
-	// If a socket is already in the lower file system, allow connections
-	// to it.
+
+	// If the lower is itself an overlay, recurse.
+	if o.lower.overlay != nil {
+		return overlayBoundEndpoint(o.lower.overlay, path)
+	}
+	// Lower is not an overlay. Call BoundEndpoint directly.
 	return o.lower.InodeOperations.BoundEndpoint(o.lower, path)
 }
author	Nicolas Lacasse <nlacasse@google.com>	2018-12-17 13:45:59 -0800
committer	Shentubot <shentubot@google.com>	2018-12-17 13:46:57 -0800
commit	d3ae74d2a5f5933981abeae10e676a2f0cccf67e (patch)
tree	f0fe92c205c75f3e2904aecc067cb3dc11ddf1b9
parent	f7e8dc57c526cb62575ebf7a5a541eda2af533ca (diff)