toolshed/docker-cli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Make plugins dir private.

Browse Source 
This prevents mounts in the plugins dir from leaking into other
namespaces which can prevent removal (`device or resource busy`),
particularly on older kernels.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 0c2821d6f2de692d105e50a399daa65169697cca)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
This commit is contained in:
Brian Goff
2017-08-02 16:45:12 -04:00
committed by Victor Vieux
parent 8c4be39ddd
commit 9ea6d317bb
4 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
components/engine/plugin/manager_linux.go
View File

@ -162,6 +162,13 @@ func shutdownPlugin(p *v2.Plugin, c *controller, containerdClient libcontainerd.
}
}
func setupRoot(root string) error {
if err := mount.MakePrivate(root); err != nil {
return errors.Wrap(err, "error setting plugin manager root to private")
}
return nil
}
func (pm *Manager) disable(p *v2.Plugin, c *controller) error {
if !p.IsEnabled() {
return fmt.Errorf("plugin %s is already disabled", p.Name())
@ -190,6 +197,7 @@ func (pm *Manager) Shutdown() {
shutdownPlugin(p, c, pm.containerdClient)
}
}
mount.Unmount(pm.config.Root)
}
func (pm *Manager) upgradePlugin(p *v2.Plugin, configDigest digest.Digest, blobsums []digest.Digest, tmpRootFSDir string, privileges *types.PluginPrivileges) (err error) {