From db81c0b02f2f947ae837a3e16471a148a66436eb Mon Sep 17 00:00:00 2001
From: Fabricio Voznika <fvoznika@google.com>
Date: Mon, 27 Aug 2018 11:09:06 -0700
Subject: Put fsgofer inside chroot

Now each container gets its own dedicated gofer that is chroot'd to the
rootfs path. This is done to add an extra layer of security in case the
gofer gets compromised.

PiperOrigin-RevId: 210396476
Change-Id: Iba21360a59dfe90875d61000db103f8609157ca0
---
 runsc/container/BUILD | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'runsc/container/BUILD')

diff --git a/runsc/container/BUILD b/runsc/container/BUILD
index e40ca4709..cba418d0c 100644
--- a/runsc/container/BUILD
+++ b/runsc/container/BUILD
@@ -13,6 +13,7 @@ go_library(
     name = "container",
     srcs = [
         "container.go",
+        "fs.go",
         "hook.go",
         "status.go",
     ],
@@ -28,13 +29,17 @@ go_library(
         "//runsc/specutils",
         "@com_github_cenkalti_backoff//:go_default_library",
         "@com_github_opencontainers_runtime-spec//specs-go:go_default_library",
+        "@org_golang_x_sys//unix:go_default_library",
     ],
 )
 
 go_test(
     name = "container_test",
     size = "medium",
-    srcs = ["container_test.go"],
+    srcs = [
+        "container_test.go",
+        "fs_test.go",
+    ],
     data = [
         ":uds_test_app",
         "//runsc",
-- 
cgit v1.2.3