gvisor/runsc
Fabricio Voznika e4d3ca7263 Prevent internal tmpfs mount to override files in /tmp
Runsc wants to mount /tmp using internal tmpfs implementation for
performance. However, it risks hiding files that may exist under
/tmp in case it's present in the container. Now, it only mounts
over /tmp iff:
  - /tmp was not explicitly asked to be mounted
  - /tmp is empty

If any of these is not true, then /tmp maps to the container's
image /tmp.

Note: checkpoint doesn't have sentry FS mounted to check if /tmp
is empty. It simply looks for explicit mounts right now.

PiperOrigin-RevId: 229607856
Change-Id: I10b6dae7ac157ef578efc4dfceb089f3b94cde06
2019-01-16 12:48:32 -08:00
boot Prevent internal tmpfs mount to override files in /tmp 2019-01-16 12:48:32 -08:00
cgroup Restore to original cgroup after sandbox and gofer processes are created 2019-01-09 09:18:15 -08:00
cmd runsc: set up a minimal chroot from the sandbox process 2019-01-14 14:08:19 -08:00
console Track paths and provide a rename hook. 2018-10-23 00:20:15 -07:00
container Prevent internal tmpfs mount to override files in /tmp 2019-01-16 12:48:32 -08:00
fsgofer Undo changes in case of failure to create file/dir/symlink 2019-01-07 23:02:19 -08:00
sandbox runsc: set up a minimal chroot from the sandbox process 2019-01-14 14:08:19 -08:00
specutils Restore to original cgroup after sandbox and gofer processes are created 2019-01-09 09:18:15 -08:00
test Prevent internal tmpfs mount to override files in /tmp 2019-01-16 12:48:32 -08:00
tools/dockercfg Internal change. 2018-11-28 14:01:48 -08:00
BUILD runsc: Pass log and config files to sandbox process by FD. 2018-09-04 20:10:01 -07:00
main.go Automated rollback of changelist 225089593 2019-01-02 15:48:00 -08:00