diff options
author | Nicolas Lacasse <nlacasse@google.com> | 2018-12-17 13:45:59 -0800 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-12-17 13:46:57 -0800 |
commit | d3ae74d2a5f5933981abeae10e676a2f0cccf67e (patch) | |
tree | f0fe92c205c75f3e2904aecc067cb3dc11ddf1b9 /pkg/sentry/fs | |
parent | f7e8dc57c526cb62575ebf7a5a541eda2af533ca (diff) |
overlayBoundEndpoint must be recursive if there is an overlay in the lower.
The old overlayBoundEndpoint assumed that the lower is not an overlay. It
should check if the lower is an overlay and handle that case.
PiperOrigin-RevId: 225882303
Change-Id: I60660c587d91db2826e0719da0983ec8ad024cb8
Diffstat (limited to 'pkg/sentry/fs')
-rw-r--r-- | pkg/sentry/fs/inode_overlay.go | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/pkg/sentry/fs/inode_overlay.go b/pkg/sentry/fs/inode_overlay.go index 78923fb5b..512a0da28 100644 --- a/pkg/sentry/fs/inode_overlay.go +++ b/pkg/sentry/fs/inode_overlay.go @@ -390,8 +390,12 @@ func overlayBoundEndpoint(o *overlayEntry, path string) transport.BoundEndpoint if o.upper != nil { return o.upper.InodeOperations.BoundEndpoint(o.upper, path) } - // If a socket is already in the lower file system, allow connections - // to it. + + // If the lower is itself an overlay, recurse. + if o.lower.overlay != nil { + return overlayBoundEndpoint(o.lower.overlay, path) + } + // Lower is not an overlay. Call BoundEndpoint directly. return o.lower.InodeOperations.BoundEndpoint(o.lower, path) } |