summaryrefslogtreecommitdiffhomepage
path: root/test/syscalls/BUILD
diff options
context:
space:
mode:
authorFabricio Voznika <fvoznika@google.com>2019-01-16 12:47:21 -0800
committerShentubot <shentubot@google.com>2019-01-16 12:48:32 -0800
commite4d3ca7263291b43cdc49c7553c62608be062cd9 (patch)
tree47b8dee17087a36e1fc34c8acc48c798f2d2f383 /test/syscalls/BUILD
parent92cf3764e032740f0c84a1b242c54b99f45a6bf0 (diff)
Prevent internal tmpfs mount to override files in /tmp
Runsc wants to mount /tmp using internal tmpfs implementation for performance. However, it risks hiding files that may exist under /tmp in case it's present in the container. Now, it only mounts over /tmp iff: - /tmp was not explicitly asked to be mounted - /tmp is empty If any of this is not true, then /tmp maps to the container's image /tmp. Note: checkpoint doesn't have sentry FS mounted to check if /tmp is empty. It simply looks for explicit mounts right now. PiperOrigin-RevId: 229607856 Change-Id: I10b6dae7ac157ef578efc4dfceb089f3b94cde06
Diffstat (limited to 'test/syscalls/BUILD')
-rw-r--r--test/syscalls/BUILD1
1 files changed, 1 insertions, 0 deletions
diff --git a/test/syscalls/BUILD b/test/syscalls/BUILD
index 674e4b5b1..c46ac77f7 100644
--- a/test/syscalls/BUILD
+++ b/test/syscalls/BUILD
@@ -538,6 +538,7 @@ go_binary(
"//runsc/specutils",
"//runsc/test/testutil",
"//test/syscalls/gtest",
+ "@com_github_opencontainers_runtime-spec//specs-go:go_default_library",
"@org_golang_x_sys//unix:go_default_library",
],
)