diff options
| -rw-r--r-- | pkg/sentry/fs/copy_up_test.go | 4 | ||||
| -rw-r--r-- | pkg/sentry/fs/dev/fs.go | 2 | ||||
| -rw-r--r-- | pkg/sentry/fs/filesystems.go | 2 | ||||
| -rw-r--r-- | pkg/sentry/fs/gofer/fs.go | 2 | ||||
| -rw-r--r-- | pkg/sentry/fs/gofer/session_state.go | 2 | ||||
| -rw-r--r-- | pkg/sentry/fs/host/fs.go | 2 | ||||
| -rw-r--r-- | pkg/sentry/fs/host/fs_test.go | 2 | ||||
| -rw-r--r-- | pkg/sentry/fs/mount_overlay.go | 2 | ||||
| -rw-r--r-- | pkg/sentry/fs/proc/fs.go | 2 | ||||
| -rw-r--r-- | pkg/sentry/fs/restore.go | 7 | ||||
| -rw-r--r-- | pkg/sentry/fs/sys/fs.go | 2 | ||||
| -rw-r--r-- | pkg/sentry/fs/tmpfs/fs.go | 2 | ||||
| -rw-r--r-- | pkg/sentry/fs/tty/fs.go | 2 | ||||
| -rw-r--r-- | pkg/sentry/syscalls/linux/sys_mount.go | 2 | ||||
| -rw-r--r-- | runsc/boot/fs.go | 18 | ||||
| -rw-r--r-- | runsc/boot/loader_test.go | 28 |
16 files changed, 42 insertions, 39 deletions
diff --git a/pkg/sentry/fs/copy_up_test.go b/pkg/sentry/fs/copy_up_test.go index 2b2f4bb8f..98a0b7638 100644 --- a/pkg/sentry/fs/copy_up_test.go +++ b/pkg/sentry/fs/copy_up_test.go @@ -98,7 +98,7 @@ func makeOverlayTestFiles(t *testing.T) []*overlayTestFile { // Create a lower tmpfs mount. fsys, _ := fs.FindFilesystem("tmpfs") - lower, err := fsys.Mount(contexttest.Context(t), "", fs.MountSourceFlags{}, "") + lower, err := fsys.Mount(contexttest.Context(t), "", fs.MountSourceFlags{}, "", nil) if err != nil { t.Fatalf("failed to mount tmpfs: %v", err) } @@ -147,7 +147,7 @@ func makeOverlayTestFiles(t *testing.T) []*overlayTestFile { } // Create an empty upper tmpfs mount which we will copy up into. - upper, err := fsys.Mount(ctx, "", fs.MountSourceFlags{}, "") + upper, err := fsys.Mount(ctx, "", fs.MountSourceFlags{}, "", nil) if err != nil { t.Fatalf("failed to mount tmpfs: %v", err) } diff --git a/pkg/sentry/fs/dev/fs.go b/pkg/sentry/fs/dev/fs.go index abfe689f0..cf4e7d00f 100644 --- a/pkg/sentry/fs/dev/fs.go +++ b/pkg/sentry/fs/dev/fs.go @@ -66,7 +66,7 @@ func (*filesystem) Flags() fs.FilesystemFlags { } // Mount returns a devtmpfs root that can be positioned in the vfs. -func (f *filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string) (*fs.Inode, error) { +func (f *filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string, _ interface{}) (*fs.Inode, error) { // device is always ignored. // devtmpfs backed by ramfs ignores bad options. See fs/ramfs/inode.c:ramfs_parse_options. // -> we should consider parsing the mode and backing devtmpfs by this. diff --git a/pkg/sentry/fs/filesystems.go b/pkg/sentry/fs/filesystems.go index ba8be85e4..aa664b973 100644 --- a/pkg/sentry/fs/filesystems.go +++ b/pkg/sentry/fs/filesystems.go @@ -50,7 +50,7 @@ type Filesystem interface { // data options. // // Mount may return arbitrary errors. They do not need syserr translations. - Mount(ctx context.Context, device string, flags MountSourceFlags, data string) (*Inode, error) + Mount(ctx context.Context, device string, flags MountSourceFlags, data string, dataObj interface{}) (*Inode, error) // AllowUserMount determines whether mount(2) is allowed to mount a // file system of this type. diff --git a/pkg/sentry/fs/gofer/fs.go b/pkg/sentry/fs/gofer/fs.go index 2dc000c6f..adff0abac 100644 --- a/pkg/sentry/fs/gofer/fs.go +++ b/pkg/sentry/fs/gofer/fs.go @@ -120,7 +120,7 @@ func (*filesystem) Flags() fs.FilesystemFlags { } // Mount returns an attached 9p client that can be positioned in the vfs. -func (f *filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string) (*fs.Inode, error) { +func (f *filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string, _ interface{}) (*fs.Inode, error) { // Parse and validate the mount options. o, err := options(data) if err != nil { diff --git a/pkg/sentry/fs/gofer/session_state.go b/pkg/sentry/fs/gofer/session_state.go index d9fd7a221..0ad5d63b5 100644 --- a/pkg/sentry/fs/gofer/session_state.go +++ b/pkg/sentry/fs/gofer/session_state.go @@ -57,7 +57,7 @@ func (s *session) afterLoad() { } // Validate the mount flags and options. - opts, err := options(args.Data) + opts, err := options(args.DataString) if err != nil { panic("failed to parse mount options: " + err.Error()) } diff --git a/pkg/sentry/fs/host/fs.go b/pkg/sentry/fs/host/fs.go index d2ba38449..800649211 100644 --- a/pkg/sentry/fs/host/fs.go +++ b/pkg/sentry/fs/host/fs.go @@ -82,7 +82,7 @@ func (*Filesystem) Flags() fs.FilesystemFlags { // Mount returns an fs.Inode exposing the host file system. It is intended to be locked // down in PreExec below. -func (f *Filesystem) Mount(ctx context.Context, _ string, flags fs.MountSourceFlags, data string) (*fs.Inode, error) { +func (f *Filesystem) Mount(ctx context.Context, _ string, flags fs.MountSourceFlags, data string, _ interface{}) (*fs.Inode, error) { // Parse generic comma-separated key=value options. options := fs.GenericMountSourceOptions(data) diff --git a/pkg/sentry/fs/host/fs_test.go b/pkg/sentry/fs/host/fs_test.go index 44db61ecd..c83b29a16 100644 --- a/pkg/sentry/fs/host/fs_test.go +++ b/pkg/sentry/fs/host/fs_test.go @@ -321,7 +321,7 @@ func TestRootPath(t *testing.T) { hostFS := &Filesystem{} ctx := contexttest.Context(t) data := fmt.Sprintf("%s=%s,%s=%s", rootPathKey, rootPath, whitelistKey, whitelisted.Name()) - inode, err := hostFS.Mount(ctx, "", fs.MountSourceFlags{}, data) + inode, err := hostFS.Mount(ctx, "", fs.MountSourceFlags{}, data, nil) if err != nil { t.Fatalf("Mount failed: %v", err) } diff --git a/pkg/sentry/fs/mount_overlay.go b/pkg/sentry/fs/mount_overlay.go index fb91635bc..4c89673b5 100644 --- a/pkg/sentry/fs/mount_overlay.go +++ b/pkg/sentry/fs/mount_overlay.go @@ -122,6 +122,6 @@ func (*overlayFilesystem) AllowUserList() bool { } // Mount implements Filesystem.Mount. -func (ofs *overlayFilesystem) Mount(ctx context.Context, device string, flags MountSourceFlags, data string) (*Inode, error) { +func (ofs *overlayFilesystem) Mount(ctx context.Context, device string, flags MountSourceFlags, data string, _ interface{}) (*Inode, error) { panic("overlayFilesystem.Mount should not be called!") } diff --git a/pkg/sentry/fs/proc/fs.go b/pkg/sentry/fs/proc/fs.go index 63f737ff4..666a2d054 100644 --- a/pkg/sentry/fs/proc/fs.go +++ b/pkg/sentry/fs/proc/fs.go @@ -57,7 +57,7 @@ func (*filesystem) Flags() fs.FilesystemFlags { } // Mount returns the root of a procfs that can be positioned in the vfs. -func (f *filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string) (*fs.Inode, error) { +func (f *filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string, _ interface{}) (*fs.Inode, error) { // device is always ignored. // Parse generic comma-separated key=value options, this file system expects them. diff --git a/pkg/sentry/fs/restore.go b/pkg/sentry/fs/restore.go index da2df7e1d..a6645b41e 100644 --- a/pkg/sentry/fs/restore.go +++ b/pkg/sentry/fs/restore.go @@ -41,8 +41,11 @@ type MountArgs struct { // Flags corresponds to the flags argument of Mount. Flags MountSourceFlags - // Data corresponds to the data argument of Mount. - Data string + // DataString corresponds to the data argument of Mount. + DataString string + + // DataObj corresponds to the data interface argument of Mount. + DataObj interface{} } // restoreEnv holds the fs package global RestoreEnvironment. diff --git a/pkg/sentry/fs/sys/fs.go b/pkg/sentry/fs/sys/fs.go index 301fef038..44ae43754 100644 --- a/pkg/sentry/fs/sys/fs.go +++ b/pkg/sentry/fs/sys/fs.go @@ -57,7 +57,7 @@ func (*filesystem) Flags() fs.FilesystemFlags { } // Mount returns a sysfs root which can be positioned in the vfs. -func (f *filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string) (*fs.Inode, error) { +func (f *filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string, _ interface{}) (*fs.Inode, error) { // device is always ignored. // sysfs ignores data, see fs/sysfs/mount.c:sysfs_mount. diff --git a/pkg/sentry/fs/tmpfs/fs.go b/pkg/sentry/fs/tmpfs/fs.go index d495430e9..d0c93028f 100644 --- a/pkg/sentry/fs/tmpfs/fs.go +++ b/pkg/sentry/fs/tmpfs/fs.go @@ -82,7 +82,7 @@ func (*Filesystem) Flags() fs.FilesystemFlags { } // Mount returns a tmpfs root that can be positioned in the vfs. -func (f *Filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string) (*fs.Inode, error) { +func (f *Filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string, _ interface{}) (*fs.Inode, error) { // device is always ignored. // Parse generic comma-separated key=value options, this file system expects them. diff --git a/pkg/sentry/fs/tty/fs.go b/pkg/sentry/fs/tty/fs.go index 0c412eb21..43e0e2a04 100644 --- a/pkg/sentry/fs/tty/fs.go +++ b/pkg/sentry/fs/tty/fs.go @@ -59,7 +59,7 @@ func (*filesystem) Flags() fs.FilesystemFlags { } // MountSource returns a devpts root that can be positioned in the vfs. -func (f *filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string) (*fs.Inode, error) { +func (f *filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string, _ interface{}) (*fs.Inode, error) { // device is always ignored. // No options are supported. diff --git a/pkg/sentry/syscalls/linux/sys_mount.go b/pkg/sentry/syscalls/linux/sys_mount.go index bf0df7302..6b8d75d24 100644 --- a/pkg/sentry/syscalls/linux/sys_mount.go +++ b/pkg/sentry/syscalls/linux/sys_mount.go @@ -101,7 +101,7 @@ func Mount(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall superFlags.ReadOnly = true } - rootInode, err := rsys.Mount(t, sourcePath, superFlags, data) + rootInode, err := rsys.Mount(t, sourcePath, superFlags, data, nil) if err != nil { return 0, nil, syserror.EINVAL } diff --git a/runsc/boot/fs.go b/runsc/boot/fs.go index ada292c9e..25e23c09b 100644 --- a/runsc/boot/fs.go +++ b/runsc/boot/fs.go @@ -181,7 +181,7 @@ func createRootMount(ctx context.Context, spec *specs.Spec, conf *Config, fds *f log.Infof("Mounting root over 9P, ioFD: %d", fd) p9FS := mustFindFilesystem("9p") opts := p9MountOptions(fd, conf.FileAccess) - rootInode, err = p9FS.Mount(ctx, rootDevice, mf, strings.Join(opts, ",")) + rootInode, err = p9FS.Mount(ctx, rootDevice, mf, strings.Join(opts, ","), nil) if err != nil { return nil, fmt.Errorf("creating root mount point: %v", err) } @@ -220,7 +220,7 @@ func addOverlay(ctx context.Context, conf *Config, lower *fs.Inode, name string, } // Create overlay on top of mount dir. - upper, err := tmpFS.Mount(ctx, name+"-upper", lowerFlags, "") + upper, err := tmpFS.Mount(ctx, name+"-upper", lowerFlags, "", nil) if err != nil { return nil, fmt.Errorf("creating tmpfs overlay: %v", err) } @@ -309,7 +309,7 @@ func mountSubmount(ctx context.Context, conf *Config, mns *fs.MountNamespace, ro mf.ReadOnly = true } - inode, err := filesystem.Mount(ctx, mountDevice(m), mf, strings.Join(opts, ",")) + inode, err := filesystem.Mount(ctx, mountDevice(m), mf, strings.Join(opts, ","), nil) if err != nil { return fmt.Errorf("creating mount with source %q: %v", m.Source, err) } @@ -415,9 +415,9 @@ func addRestoreMount(conf *Config, renv *fs.RestoreEnvironment, m specs.Mount, f } newMount := fs.MountArgs{ - Dev: mountDevice(m), - Flags: mountFlags(m.Options), - Data: strings.Join(opts, ","), + Dev: mountDevice(m), + Flags: mountFlags(m.Options), + DataString: strings.Join(opts, ","), } renv.MountSources[fsName] = append(renv.MountSources[fsName], newMount) log.Infof("Added mount at %q: %+v", fsName, newMount) @@ -441,9 +441,9 @@ func createRestoreEnvironment(spec *specs.Spec, conf *Config, fds *fdDispenser) } rootMount := fs.MountArgs{ - Dev: rootDevice, - Flags: mf, - Data: strings.Join(opts, ","), + Dev: rootDevice, + Flags: mf, + DataString: strings.Join(opts, ","), } renv.MountSources[rootFsName] = append(renv.MountSources[rootFsName], rootMount) diff --git a/runsc/boot/loader_test.go b/runsc/boot/loader_test.go index 4fcc0faea..01578cfc5 100644 --- a/runsc/boot/loader_test.go +++ b/runsc/boot/loader_test.go @@ -456,9 +456,9 @@ func TestRestoreEnvironment(t *testing.T) { MountSources: map[string][]fs.MountArgs{ "9p": { { - Dev: "9pfs-/", - Flags: fs.MountSourceFlags{ReadOnly: true}, - Data: "trans=fd,rfdno=0,wfdno=0,privateunixsocket=true,cache=remote_revalidating", + Dev: "9pfs-/", + Flags: fs.MountSourceFlags{ReadOnly: true}, + DataString: "trans=fd,rfdno=0,wfdno=0,privateunixsocket=true,cache=remote_revalidating", }, }, "tmpfs": { @@ -510,13 +510,13 @@ func TestRestoreEnvironment(t *testing.T) { MountSources: map[string][]fs.MountArgs{ "9p": { { - Dev: "9pfs-/", - Flags: fs.MountSourceFlags{ReadOnly: true}, - Data: "trans=fd,rfdno=0,wfdno=0,privateunixsocket=true,cache=remote_revalidating", + Dev: "9pfs-/", + Flags: fs.MountSourceFlags{ReadOnly: true}, + DataString: "trans=fd,rfdno=0,wfdno=0,privateunixsocket=true,cache=remote_revalidating", }, { - Dev: "9pfs-/dev/fd-foo", - Data: "trans=fd,rfdno=1,wfdno=1,privateunixsocket=true,cache=remote_revalidating", + Dev: "9pfs-/dev/fd-foo", + DataString: "trans=fd,rfdno=1,wfdno=1,privateunixsocket=true,cache=remote_revalidating", }, }, "tmpfs": { @@ -568,16 +568,16 @@ func TestRestoreEnvironment(t *testing.T) { MountSources: map[string][]fs.MountArgs{ "9p": { { - Dev: "9pfs-/", - Flags: fs.MountSourceFlags{ReadOnly: true}, - Data: "trans=fd,rfdno=0,wfdno=0,privateunixsocket=true,cache=remote_revalidating", + Dev: "9pfs-/", + Flags: fs.MountSourceFlags{ReadOnly: true}, + DataString: "trans=fd,rfdno=0,wfdno=0,privateunixsocket=true,cache=remote_revalidating", }, }, "tmpfs": { { - Dev: "none", - Flags: fs.MountSourceFlags{NoAtime: true}, - Data: "uid=1022", + Dev: "none", + Flags: fs.MountSourceFlags{NoAtime: true}, + DataString: "uid=1022", }, { Dev: "none", |