Support bind and tmpfs docker mounts #4924

Merged
merged 4 commits into from
Nov 30, 2018

@notnoop (Contributor) commented Nov 27, 2018

Adds support for more docker mount types, namely "bind" and "tmpfs".

"target": hclspec.NewAttr("target", "string", false),
"source": hclspec.NewAttr("source", "string", false),
"readonly": hclspec.NewAttr("readonly", "bool", false),
"volume_options": hclspec.NewBlockSet("volume_options", hclspec.NewObject(map[string]*hclspec.Spec{
Contributor Author:

Not related to PR - but noticed that volume_options is expected to be a single block not a collection.

@schmichael (Member) left a comment:

It'd be nice to get that path traversal check in place, but we can handle it in a followup if desired.

// FIXME: This needs to be true but we have a bug with security implications.
// The relative paths check should restrict access to alloc-dir subtree
// documenting existing behavior in test here and need to follow up in another commit
requiresVolumes: false,
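
Review bot: the FIXME above `requiresVolumes: false` pins behaviour that the comment itself calls a bug with security implications, and it carries no issue reference, so nothing ties this expectation to the promised follow-up. Add the tracking issue to the comment and say which input this case covers, so that once the relative-path check restricts sources to the alloc-dir subtree the expectation is flipped to `true` rather than left stale.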
Member:

Can we just get this fixed up now with a call to PathEscapesAllocDir?

Contributor Author:

Intend to follow up in a separate PR to audit all paths where it's a possibility and to add dedicated CHANGELOG item for it.
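
The relative-path check discussed in this thread, sketched as an added example (not Nomad's code and not its `PathEscapesAllocDir` implementation). The helper names, the sample paths and the policy that escaping or absolute sources need volumes enabled are assumptions drawn from the FIXME comment; the check is lexical only and does not resolve symlinks.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// escapesAllocDir reports whether a relative mount source, once joined to
// allocDir and cleaned, resolves outside the allocDir subtree.
// Hypothetical helper for illustration; it is purely lexical and does not
// resolve symlinks.
func escapesAllocDir(allocDir, source string) bool {
	base := filepath.Clean(allocDir)
	full := filepath.Join(base, source) // Join also collapses ".." segments
	rel, err := filepath.Rel(base, full)
	if err != nil {
		return true // cannot relate the two paths: treat as an escape
	}
	return rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// resolveBindSource maps a job-supplied bind mount source to a host path.
// Assumed policy: relative sources must stay inside the allocation directory;
// anything else is a host path and needs the operator to have enabled volumes.
func resolveBindSource(allocDir, source string, volumesEnabled bool) (string, error) {
	if source == "" {
		return "", fmt.Errorf("bind mount requires a source")
	}
	if filepath.IsAbs(source) {
		if !volumesEnabled {
			return "", fmt.Errorf("absolute source %q requires volumes to be enabled", source)
		}
		return filepath.Clean(source), nil
	}
	if escapesAllocDir(allocDir, source) && !volumesEnabled {
		return "", fmt.Errorf("source %q escapes the allocation directory", source)
	}
	return filepath.Join(allocDir, source), nil
}

func main() {
	allocDir := "/var/nomad/alloc/1234" // constructed sample path
	for _, src := range []string{"local/data", "../../../etc", "local/../../secrets", "/etc"} {
		p, err := resolveBindSource(allocDir, src, false)
		fmt.Printf("%-22q -> %q err=%v\n", src, p, err)
	}
}
```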

@notnoop merged commit 5c354ad into master Nov 30, 2018
@notnoop deleted the f-docker-mounts branch December 5, 2018 00:50
@github-actions bot locked as resolved and limited conversation to collaborators Feb 23, 2023