From cb56a2df49d3a99b0054e20d0079568ecfa3f7da Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Thu, 26 Jun 2014 10:50:18 -0700 Subject: [PATCH] Allow / as source of -v We discussed this at the docker plumbers meetup and for tools and working on the system for things like boot2docker and coreos this is needed. You can already bypass this check so we felt it is ok to start allowing this feature. Docker-DCO-1.1-Signed-off-by: Michael Crosby (github: crosbymichael) Upstream-commit: e39b8eade1f42503b6b7217e72eff4c8fdc13cb6 Component: engine --- .../engine/integration-cli/docker_cli_run_test.go | 11 +++++++++++ components/engine/runconfig/parse.go | 4 ++-- components/engine/server/server.go | 10 +--------- 3 files changed, 14 insertions(+), 11 deletions(-) diff --git a/components/engine/integration-cli/docker_cli_run_test.go b/components/engine/integration-cli/docker_cli_run_test.go index 9e5a90bedf..a0c3903064 100644 --- a/components/engine/integration-cli/docker_cli_run_test.go +++ b/components/engine/integration-cli/docker_cli_run_test.go @@ -960,3 +960,14 @@ func TestRootWorkdir(t *testing.T) { logDone("run - workdir /") } + +func TestAllowBindMountingRoot(t *testing.T) { + s, _, err := cmd(t, "run", "-v", "/:/host", "busybox", "ls", "/host") + if err != nil { + t.Fatal(s, err) + } + + deleteAllContainers() + + logDone("run - bind mount / as volume") +} diff --git a/components/engine/runconfig/parse.go b/components/engine/runconfig/parse.go index fd3e4a50a7..f057f311cc 100644 --- a/components/engine/runconfig/parse.go +++ b/components/engine/runconfig/parse.go @@ -132,8 +132,8 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf // add any bind targets to the list of container volumes for bind := range flVolumes.GetMap() { if arr := strings.Split(bind, ":"); len(arr) > 1 { - if arr[0] == "/" { - return nil, nil, cmd, fmt.Errorf("Invalid bind mount: source can't be '/'") + if arr[1] == "/" { + return nil, nil, cmd, fmt.Errorf("Invalid bind mount: desination can't be '/'") } // after creating the bind mount we want to delete it from the flVolumes values because // we do not want bind mounts being committed to image configs diff --git a/components/engine/server/server.go b/components/engine/server/server.go index fa695adfe2..76b3a83971 100644 --- a/components/engine/server/server.go +++ b/components/engine/server/server.go @@ -2055,19 +2055,11 @@ func (srv *Server) ContainerStart(job *engine.Job) engine.Status { if len(job.Environ()) > 0 { hostConfig := runconfig.ContainerHostConfigFromJob(job) // Validate the HostConfig binds. Make sure that: - // 1) the source of a bind mount isn't / - // The bind mount "/:/foo" isn't allowed. - // 2) Check that the source exists - // The source to be bind mounted must exist. + // the source exists for _, bind := range hostConfig.Binds { splitBind := strings.Split(bind, ":") source := splitBind[0] - // refuse to bind mount "/" to the container - if source == "/" { - return job.Errorf("Invalid bind mount '%s' : source can't be '/'", bind) - } - // ensure the source exists on the host _, err := os.Stat(source) if err != nil && os.IsNotExist(err) {