authorFabricio Voznika <fvoznika@google.com>2019-01-16 12:47:21 -0800
committerShentubot <shentubot@google.com>2019-01-16 12:48:32 -0800
commite4d3ca7263291b43cdc49c7553c62608be062cd9 (patch)
tree47b8dee17087a36e1fc34c8acc48c798f2d2f383 /runsc/test
parent92cf3764e032740f0c84a1b242c54b99f45a6bf0 (diff)
Prevent internal tmpfs mount to override files in /tmp
Runsc wants to mount /tmp using the internal tmpfs implementation for performance. However, this risks hiding files that may exist under /tmp if that directory is present in the container. Now it only mounts over /tmp if and only if:
- /tmp was not explicitly asked to be mounted
- /tmp is empty
If either condition does not hold, then /tmp maps to the container image's /tmp. Note: checkpoint doesn't have the sentry FS mounted to check whether /tmp is empty; it simply looks for explicit mounts right now. PiperOrigin-RevId: 229607856 Change-Id: I10b6dae7ac157ef578efc4dfceb089f3b94cde06
Diffstat (limited to 'runsc/test')
-rw-r--r--runsc/test/integration/integration_test.go13
1 files changed, 13 insertions, 0 deletions
diff --git a/runsc/test/integration/integration_test.go b/runsc/test/integration/integration_test.go
index 526b3a7a1..4a2770d48 100644
--- a/runsc/test/integration/integration_test.go
+++ b/runsc/test/integration/integration_test.go
@@ -279,6 +279,19 @@ func TestJobControl(t *testing.T) {
}
}
+// TestTmpFile checks that files inside '/tmp' are not overridden. In addition,
+// it checks that working dir is created if it doesn't exit.
+func TestTmpFile(t *testing.T) {
+ if err := testutil.Pull("alpine"); err != nil {
+ t.Fatal("docker pull failed:", err)
+ }
+ d := testutil.MakeDocker("tmp-file-test")
+ if err := d.Run("-w=/tmp/foo/bar", "--read-only", "alpine", "touch", "/tmp/foo/bar/file"); err != nil {
+ t.Fatal("docker run failed:", err)
+ }
+ defer d.CleanUp()
+}
+
func TestMain(m *testing.M) {
testutil.EnsureSupportedDockerVersion()
os.Exit(m.Run())