-rw-r--r--pkg/sentry/fs/copy_up_test.go4
-rw-r--r--pkg/sentry/fs/dev/fs.go2
-rw-r--r--pkg/sentry/fs/filesystems.go2
-rw-r--r--pkg/sentry/fs/gofer/fs.go2
-rw-r--r--pkg/sentry/fs/gofer/session_state.go2
-rw-r--r--pkg/sentry/fs/host/fs.go2
-rw-r--r--pkg/sentry/fs/host/fs_test.go2
-rw-r--r--pkg/sentry/fs/mount_overlay.go2
-rw-r--r--pkg/sentry/fs/proc/fs.go2
-rw-r--r--pkg/sentry/fs/restore.go7
-rw-r--r--pkg/sentry/fs/sys/fs.go2
-rw-r--r--pkg/sentry/fs/tmpfs/fs.go2
-rw-r--r--pkg/sentry/fs/tty/fs.go2
-rw-r--r--pkg/sentry/syscalls/linux/sys_mount.go2
-rw-r--r--runsc/boot/fs.go18
-rw-r--r--runsc/boot/loader_test.go28
16 files changed, 42 insertions, 39 deletions
diff --git a/pkg/sentry/fs/copy_up_test.go b/pkg/sentry/fs/copy_up_test.go
index 2b2f4bb8f..98a0b7638 100644
--- a/pkg/sentry/fs/copy_up_test.go
+++ b/pkg/sentry/fs/copy_up_test.go
@@ -98,7 +98,7 @@ func makeOverlayTestFiles(t *testing.T) []*overlayTestFile {
// Create a lower tmpfs mount.
fsys, _ := fs.FindFilesystem("tmpfs")
- lower, err := fsys.Mount(contexttest.Context(t), "", fs.MountSourceFlags{}, "")
+ lower, err := fsys.Mount(contexttest.Context(t), "", fs.MountSourceFlags{}, "", nil)
if err != nil {
t.Fatalf("failed to mount tmpfs: %v", err)
}
@@ -147,7 +147,7 @@ func makeOverlayTestFiles(t *testing.T) []*overlayTestFile {
}
// Create an empty upper tmpfs mount which we will copy up into.
- upper, err := fsys.Mount(ctx, "", fs.MountSourceFlags{}, "")
+ upper, err := fsys.Mount(ctx, "", fs.MountSourceFlags{}, "", nil)
if err != nil {
t.Fatalf("failed to mount tmpfs: %v", err)
}
diff --git a/pkg/sentry/fs/dev/fs.go b/pkg/sentry/fs/dev/fs.go
index abfe689f0..cf4e7d00f 100644
--- a/pkg/sentry/fs/dev/fs.go
+++ b/pkg/sentry/fs/dev/fs.go
@@ -66,7 +66,7 @@ func (*filesystem) Flags() fs.FilesystemFlags {
}
// Mount returns a devtmpfs root that can be positioned in the vfs.
-func (f *filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string) (*fs.Inode, error) {
+func (f *filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string, _ interface{}) (*fs.Inode, error) {
// device is always ignored.
// devtmpfs backed by ramfs ignores bad options. See fs/ramfs/inode.c:ramfs_parse_options.
// -> we should consider parsing the mode and backing devtmpfs by this.
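Review bot: The new fifth parameter is bound to `_` in this signature, so a caller that passes a non-nil data object to devtmpfs gets a successful mount while the object is silently dropped. The same pattern appears in the Mount signatures changed in gofer/fs.go, host/fs.go, proc/fs.go, sys/fs.go, tmpfs/fs.go and tty/fs.go. If none of these filesystems is meant to consume the object, consider naming the parameter and failing closed, e.g. `if dataObj != nil { return nil, fmt.Errorf("devtmpfs: unexpected mount data object of type %T", dataObj) }` (assuming fmt is available in the file; the interface comment allows arbitrary errors), or at least say in each doc comment that the object is ignored. Mount's body continues outside the hunk.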
diff --git a/pkg/sentry/fs/filesystems.go b/pkg/sentry/fs/filesystems.go
index ba8be85e4..aa664b973 100644
--- a/pkg/sentry/fs/filesystems.go
+++ b/pkg/sentry/fs/filesystems.go
@@ -50,7 +50,7 @@ type Filesystem interface {
// data options.
//
// Mount may return arbitrary errors. They do not need syserr translations.
- Mount(ctx context.Context, device string, flags MountSourceFlags, data string) (*Inode, error)
+ Mount(ctx context.Context, device string, flags MountSourceFlags, data string, dataObj interface{}) (*Inode, error)
// AllowUserMount determines whether mount(2) is allowed to mount a
// file system of this type.
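Review bot: The interface comment above Mount has no visible line describing the added `dataObj interface{}` parameter, so the new argument has no stated contract. Because `interface{}` gives implementers no type information, the comment should say which concrete types are expected, that nil means no object, and whether an implementation that does not understand the object must ignore or reject it. A possible line is `// dataObj is an optional, filesystem-specific object supplied by sentry-internal callers; it is nil for mounts requested through mount(2).` The mount(2) clause is inferred from the sys_mount.go hunk, which passes nil, and the interface body continues outside the hunk.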
diff --git a/pkg/sentry/fs/gofer/fs.go b/pkg/sentry/fs/gofer/fs.go
index 2dc000c6f..adff0abac 100644
--- a/pkg/sentry/fs/gofer/fs.go
+++ b/pkg/sentry/fs/gofer/fs.go
@@ -120,7 +120,7 @@ func (*filesystem) Flags() fs.FilesystemFlags {
}
// Mount returns an attached 9p client that can be positioned in the vfs.
-func (f *filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string) (*fs.Inode, error) {
+func (f *filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string, _ interface{}) (*fs.Inode, error) {
// Parse and validate the mount options.
o, err := options(data)
if err != nil {
diff --git a/pkg/sentry/fs/gofer/session_state.go b/pkg/sentry/fs/gofer/session_state.go
index d9fd7a221..0ad5d63b5 100644
--- a/pkg/sentry/fs/gofer/session_state.go
+++ b/pkg/sentry/fs/gofer/session_state.go
@@ -57,7 +57,7 @@ func (s *session) afterLoad() {
}
// Validate the mount flags and options.
- opts, err := options(args.Data)
+ opts, err := options(args.DataString)
if err != nil {
panic("failed to parse mount options: " + err.Error())
}
diff --git a/pkg/sentry/fs/host/fs.go b/pkg/sentry/fs/host/fs.go
index d2ba38449..800649211 100644
--- a/pkg/sentry/fs/host/fs.go
+++ b/pkg/sentry/fs/host/fs.go
@@ -82,7 +82,7 @@ func (*Filesystem) Flags() fs.FilesystemFlags {
// Mount returns an fs.Inode exposing the host file system. It is intended to be locked
// down in PreExec below.
-func (f *Filesystem) Mount(ctx context.Context, _ string, flags fs.MountSourceFlags, data string) (*fs.Inode, error) {
+func (f *Filesystem) Mount(ctx context.Context, _ string, flags fs.MountSourceFlags, data string, _ interface{}) (*fs.Inode, error) {
// Parse generic comma-separated key=value options.
options := fs.GenericMountSourceOptions(data)
diff --git a/pkg/sentry/fs/host/fs_test.go b/pkg/sentry/fs/host/fs_test.go
index 44db61ecd..c83b29a16 100644
--- a/pkg/sentry/fs/host/fs_test.go
+++ b/pkg/sentry/fs/host/fs_test.go
@@ -321,7 +321,7 @@ func TestRootPath(t *testing.T) {
hostFS := &Filesystem{}
ctx := contexttest.Context(t)
data := fmt.Sprintf("%s=%s,%s=%s", rootPathKey, rootPath, whitelistKey, whitelisted.Name())
- inode, err := hostFS.Mount(ctx, "", fs.MountSourceFlags{}, data)
+ inode, err := hostFS.Mount(ctx, "", fs.MountSourceFlags{}, data, nil)
if err != nil {
t.Fatalf("Mount failed: %v", err)
}
diff --git a/pkg/sentry/fs/mount_overlay.go b/pkg/sentry/fs/mount_overlay.go
index fb91635bc..4c89673b5 100644
--- a/pkg/sentry/fs/mount_overlay.go
+++ b/pkg/sentry/fs/mount_overlay.go
@@ -122,6 +122,6 @@ func (*overlayFilesystem) AllowUserList() bool {
}
// Mount implements Filesystem.Mount.
-func (ofs *overlayFilesystem) Mount(ctx context.Context, device string, flags MountSourceFlags, data string) (*Inode, error) {
+func (ofs *overlayFilesystem) Mount(ctx context.Context, device string, flags MountSourceFlags, data string, _ interface{}) (*Inode, error) {
panic("overlayFilesystem.Mount should not be called!")
}
diff --git a/pkg/sentry/fs/proc/fs.go b/pkg/sentry/fs/proc/fs.go
index 63f737ff4..666a2d054 100644
--- a/pkg/sentry/fs/proc/fs.go
+++ b/pkg/sentry/fs/proc/fs.go
@@ -57,7 +57,7 @@ func (*filesystem) Flags() fs.FilesystemFlags {
}
// Mount returns the root of a procfs that can be positioned in the vfs.
-func (f *filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string) (*fs.Inode, error) {
+func (f *filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string, _ interface{}) (*fs.Inode, error) {
// device is always ignored.
// Parse generic comma-separated key=value options, this file system expects them.
diff --git a/pkg/sentry/fs/restore.go b/pkg/sentry/fs/restore.go
index da2df7e1d..a6645b41e 100644
--- a/pkg/sentry/fs/restore.go
+++ b/pkg/sentry/fs/restore.go
@@ -41,8 +41,11 @@ type MountArgs struct {
// Flags corresponds to the flags argument of Mount.
Flags MountSourceFlags
- // Data corresponds to the data argument of Mount.
- Data string
+ // DataString corresponds to the data argument of Mount.
+ DataString string
+
+ // DataObj corresponds to the data interface argument of Mount.
+ DataObj interface{}
}
// restoreEnv holds the fs package global RestoreEnvironment.
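Review bot: The DataObj comment refers to "the data interface argument of Mount", but the parameter is named `dataObj` in the Filesystem interface, and nothing states what a restore is expected to do with the field. In the restore path visible on this page (gofer/session_state.go) only `args.DataString` is validated, so a DataObj set here appears to be unused on restore; that is worth confirming. Suggested wording: `// DataObj corresponds to the dataObj argument of Mount. It is nil when the mount carries no object.` The struct definition starts outside the hunk.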
diff --git a/pkg/sentry/fs/sys/fs.go b/pkg/sentry/fs/sys/fs.go
index 301fef038..44ae43754 100644
--- a/pkg/sentry/fs/sys/fs.go
+++ b/pkg/sentry/fs/sys/fs.go
@@ -57,7 +57,7 @@ func (*filesystem) Flags() fs.FilesystemFlags {
}
// Mount returns a sysfs root which can be positioned in the vfs.
-func (f *filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string) (*fs.Inode, error) {
+func (f *filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string, _ interface{}) (*fs.Inode, error) {
// device is always ignored.
// sysfs ignores data, see fs/sysfs/mount.c:sysfs_mount.
diff --git a/pkg/sentry/fs/tmpfs/fs.go b/pkg/sentry/fs/tmpfs/fs.go
index d495430e9..d0c93028f 100644
--- a/pkg/sentry/fs/tmpfs/fs.go
+++ b/pkg/sentry/fs/tmpfs/fs.go
@@ -82,7 +82,7 @@ func (*Filesystem) Flags() fs.FilesystemFlags {
}
// Mount returns a tmpfs root that can be positioned in the vfs.
-func (f *Filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string) (*fs.Inode, error) {
+func (f *Filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string, _ interface{}) (*fs.Inode, error) {
// device is always ignored.
// Parse generic comma-separated key=value options, this file system expects them.
diff --git a/pkg/sentry/fs/tty/fs.go b/pkg/sentry/fs/tty/fs.go
index 0c412eb21..43e0e2a04 100644
--- a/pkg/sentry/fs/tty/fs.go
+++ b/pkg/sentry/fs/tty/fs.go
@@ -59,7 +59,7 @@ func (*filesystem) Flags() fs.FilesystemFlags {
}
// MountSource returns a devpts root that can be positioned in the vfs.
-func (f *filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string) (*fs.Inode, error) {
+func (f *filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string, _ interface{}) (*fs.Inode, error) {
// device is always ignored.
// No options are supported.
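Review bot: The doc comment on this method opens with `MountSource` although the method is named `Mount`, so godoc and linters that expect the comment to start with the identifier will flag it. Since the signature line is being touched anyway, change it to `// Mount returns a devpts root that can be positioned in the vfs.` The function body continues outside the hunk.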
diff --git a/pkg/sentry/syscalls/linux/sys_mount.go b/pkg/sentry/syscalls/linux/sys_mount.go
index bf0df7302..6b8d75d24 100644
--- a/pkg/sentry/syscalls/linux/sys_mount.go
+++ b/pkg/sentry/syscalls/linux/sys_mount.go
@@ -101,7 +101,7 @@ func Mount(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
superFlags.ReadOnly = true
}
- rootInode, err := rsys.Mount(t, sourcePath, superFlags, data)
+ rootInode, err := rsys.Mount(t, sourcePath, superFlags, data, nil)
if err != nil {
return 0, nil, syserror.EINVAL
}
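Review bot: Passing a literal `nil` on the changed `rsys.Mount` line is what keeps the object parameter unreachable from a guest-issued mount(2), but nothing at the call site says this is deliberate. A one-line comment such as `// dataObj is only for sentry-internal mounts; mount(2) never supplies one.` would keep a later change from wiring task-controlled data into an untyped `interface{}` argument. The enclosing Mount function starts and ends outside the hunk.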
diff --git a/runsc/boot/fs.go b/runsc/boot/fs.go
index ada292c9e..25e23c09b 100644
--- a/runsc/boot/fs.go
+++ b/runsc/boot/fs.go
@@ -181,7 +181,7 @@ func createRootMount(ctx context.Context, spec *specs.Spec, conf *Config, fds *f
log.Infof("Mounting root over 9P, ioFD: %d", fd)
p9FS := mustFindFilesystem("9p")
opts := p9MountOptions(fd, conf.FileAccess)
- rootInode, err = p9FS.Mount(ctx, rootDevice, mf, strings.Join(opts, ","))
+ rootInode, err = p9FS.Mount(ctx, rootDevice, mf, strings.Join(opts, ","), nil)
if err != nil {
return nil, fmt.Errorf("creating root mount point: %v", err)
}
@@ -220,7 +220,7 @@ func addOverlay(ctx context.Context, conf *Config, lower *fs.Inode, name string,
}
// Create overlay on top of mount dir.
- upper, err := tmpFS.Mount(ctx, name+"-upper", lowerFlags, "")
+ upper, err := tmpFS.Mount(ctx, name+"-upper", lowerFlags, "", nil)
if err != nil {
return nil, fmt.Errorf("creating tmpfs overlay: %v", err)
}
@@ -309,7 +309,7 @@ func mountSubmount(ctx context.Context, conf *Config, mns *fs.MountNamespace, ro
mf.ReadOnly = true
}
- inode, err := filesystem.Mount(ctx, mountDevice(m), mf, strings.Join(opts, ","))
+ inode, err := filesystem.Mount(ctx, mountDevice(m), mf, strings.Join(opts, ","), nil)
if err != nil {
return fmt.Errorf("creating mount with source %q: %v", m.Source, err)
}
@@ -415,9 +415,9 @@ func addRestoreMount(conf *Config, renv *fs.RestoreEnvironment, m specs.Mount, f
}
newMount := fs.MountArgs{
- Dev: mountDevice(m),
- Flags: mountFlags(m.Options),
- Data: strings.Join(opts, ","),
+ Dev: mountDevice(m),
+ Flags: mountFlags(m.Options),
+ DataString: strings.Join(opts, ","),
}
renv.MountSources[fsName] = append(renv.MountSources[fsName], newMount)
log.Infof("Added mount at %q: %+v", fsName, newMount)
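Review bot: `newMount` is logged with `%+v` on the last line of this hunk, and after this commit fs.MountArgs also carries `DataObj interface{}` (restore.go), so any object later placed there would be dumped field by field into the boot log. No caller in this diff sets DataObj, so nothing additional is logged today. To keep it that way, log the fields explicitly, e.g. `log.Infof("Added mount at %q: dev=%q flags=%+v data=%q", fsName, newMount.Dev, newMount.Flags, newMount.DataString)`. addRestoreMount starts and ends outside the hunk.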
@@ -441,9 +441,9 @@ func createRestoreEnvironment(spec *specs.Spec, conf *Config, fds *fdDispenser)
}
rootMount := fs.MountArgs{
- Dev: rootDevice,
- Flags: mf,
- Data: strings.Join(opts, ","),
+ Dev: rootDevice,
+ Flags: mf,
+ DataString: strings.Join(opts, ","),
}
renv.MountSources[rootFsName] = append(renv.MountSources[rootFsName], rootMount)
diff --git a/runsc/boot/loader_test.go b/runsc/boot/loader_test.go
index 4fcc0faea..01578cfc5 100644
--- a/runsc/boot/loader_test.go
+++ b/runsc/boot/loader_test.go
@@ -456,9 +456,9 @@ func TestRestoreEnvironment(t *testing.T) {
MountSources: map[string][]fs.MountArgs{
"9p": {
{
- Dev: "9pfs-/",
- Flags: fs.MountSourceFlags{ReadOnly: true},
- Data: "trans=fd,rfdno=0,wfdno=0,privateunixsocket=true,cache=remote_revalidating",
+ Dev: "9pfs-/",
+ Flags: fs.MountSourceFlags{ReadOnly: true},
+ DataString: "trans=fd,rfdno=0,wfdno=0,privateunixsocket=true,cache=remote_revalidating",
},
},
"tmpfs": {
@@ -510,13 +510,13 @@ func TestRestoreEnvironment(t *testing.T) {
MountSources: map[string][]fs.MountArgs{
"9p": {
{
- Dev: "9pfs-/",
- Flags: fs.MountSourceFlags{ReadOnly: true},
- Data: "trans=fd,rfdno=0,wfdno=0,privateunixsocket=true,cache=remote_revalidating",
+ Dev: "9pfs-/",
+ Flags: fs.MountSourceFlags{ReadOnly: true},
+ DataString: "trans=fd,rfdno=0,wfdno=0,privateunixsocket=true,cache=remote_revalidating",
},
{
- Dev: "9pfs-/dev/fd-foo",
- Data: "trans=fd,rfdno=1,wfdno=1,privateunixsocket=true,cache=remote_revalidating",
+ Dev: "9pfs-/dev/fd-foo",
+ DataString: "trans=fd,rfdno=1,wfdno=1,privateunixsocket=true,cache=remote_revalidating",
},
},
"tmpfs": {
@@ -568,16 +568,16 @@ func TestRestoreEnvironment(t *testing.T) {
MountSources: map[string][]fs.MountArgs{
"9p": {
{
- Dev: "9pfs-/",
- Flags: fs.MountSourceFlags{ReadOnly: true},
- Data: "trans=fd,rfdno=0,wfdno=0,privateunixsocket=true,cache=remote_revalidating",
+ Dev: "9pfs-/",
+ Flags: fs.MountSourceFlags{ReadOnly: true},
+ DataString: "trans=fd,rfdno=0,wfdno=0,privateunixsocket=true,cache=remote_revalidating",
},
},
"tmpfs": {
{
- Dev: "none",
- Flags: fs.MountSourceFlags{NoAtime: true},
- Data: "uid=1022",
+ Dev: "none",
+ Flags: fs.MountSourceFlags{NoAtime: true},
+ DataString: "uid=1022",
},
{
Dev: "none",