diff options
| author | gVisor bot <gvisor-bot@google.com> | 2021-03-18 18:17:07 +0000 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2021-03-18 18:17:07 +0000 |
| commit | d3a3fe04cccfe8646a4ec8bf9dda0689cf524e07 (patch) | |
| tree | 038964257a6925f1a024a1b1852fe360d8a4f00f /runsc/specutils | |
| parent | 8a3f44a54fe8897e9ec2a66b1a4d8a67511b4986 (diff) | |
| parent | 5c4f4ed9eb05cfef036b55883edb8de780288441 (diff) | |
Merge release-20210309.0-39-g5c4f4ed9e (automated)
Diffstat (limited to 'runsc/specutils')
| -rw-r--r-- | runsc/specutils/specutils.go | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/runsc/specutils/specutils.go b/runsc/specutils/specutils.go index 5ba38bfe4..45856fd58 100644 --- a/runsc/specutils/specutils.go +++ b/runsc/specutils/specutils.go @@ -334,14 +334,13 @@ func capsFromNames(names []string, skipSet map[linux.Capability]struct{}) (auth. // Is9PMount returns true if the given mount can be mounted as an external gofer. func Is9PMount(m specs.Mount) bool { - return m.Type == "bind" && m.Source != "" && IsSupportedDevMount(m) + return m.Type == "bind" && m.Source != "" && IsVFS1SupportedDevMount(m) } -// IsSupportedDevMount returns true if the mount is a supported /dev mount. -// Only mount that does not conflict with runsc default /dev mount is -// supported. -func IsSupportedDevMount(m specs.Mount) bool { - // These are devices exist inside sentry. See pkg/sentry/fs/dev/dev.go +// IsVFS1SupportedDevMount returns true if m.Destination does not specify a +// path that is hardcoded by VFS1's implementation of /dev. +func IsVFS1SupportedDevMount(m specs.Mount) bool { + // See pkg/sentry/fs/dev/dev.go. var existingDevices = []string{ "/dev/fd", "/dev/stdin", "/dev/stdout", "/dev/stderr", "/dev/null", "/dev/zero", "/dev/full", "/dev/random", |