Diffstat (limited to 'pkg/sentry/fs/overlay.go')
-rw-r--r--pkg/sentry/fs/overlay.go8
1 files changed, 6 insertions, 2 deletions
diff --git a/pkg/sentry/fs/overlay.go b/pkg/sentry/fs/overlay.go
index af13dc8c7..5a30af419 100644
--- a/pkg/sentry/fs/overlay.go
+++ b/pkg/sentry/fs/overlay.go
@@ -88,10 +88,11 @@ func isXattrOverlay(name string) bool {
// Preconditions:
//
// - upper and lower must be non-nil.
+// - upper must not be an overlay.
// - lower should not expose character devices, pipes, or sockets, because
// copying up these types of files is not supported.
-// - upper and lower must not require that file objects be revalidated.
-// - upper and lower must not have dynamic file/directory content.
+// - lower must not require that file objects be revalidated.
+// - lower must not have dynamic file/directory content.
func NewOverlayRoot(ctx context.Context, upper *Inode, lower *Inode, flags MountSourceFlags) (*Inode, error) {
if !IsDir(upper.StableAttr) {
return nil, fmt.Errorf("upper Inode is not a directory")
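Review bot: The precondition list on NewOverlayRoot does not say which items the function enforces: the new `upper must not be an overlay` line is backed by the `upper.overlay != nil` check added in the next hunk, while the `lower` revalidation and dynamic-content items have no check visible in this diff and appear to be left to the caller. I would mark the difference in the comment, e.g. `// - upper must not be an overlay (checked; an error is returned).`, and add a line noting that the remaining `lower` preconditions are not verified here, so a caller that violates them gets no error. The comment also drops the revalidation and dynamic-content requirements for `upper` without saying why they no longer apply; one sentence on that would help the next reader. NewOverlayRoot's body continues outside this hunk.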
@@ -99,6 +100,9 @@ func NewOverlayRoot(ctx context.Context, upper *Inode, lower *Inode, flags Mount
if !IsDir(lower.StableAttr) {
return nil, fmt.Errorf("lower Inode is not a directory")
}
+ if upper.overlay != nil {
+ return nil, fmt.Errorf("cannot nest overlay in upper file of another overlay")
+ }
msrc := newOverlayMountSource(upper.MountSource, lower.MountSource, flags)
overlay, err := newOverlayEntry(ctx, upper, lower, true)