gvisor/runsc/container
Fabricio Voznika e4d3ca7263 Prevent internal tmpfs mount to override files in /tmp
Runsc wants to mount /tmp using internal tmpfs implementation for
performance. However, it risks hiding files that may exist under
/tmp in case it's present in the container. Now, it only mounts
over /tmp iff:
  - /tmp was not explicitly asked to be mounted
  - /tmp is empty

If any of these is not true, then /tmp maps to the container's
image /tmp.

Note: checkpoint doesn't have sentry FS mounted to check if /tmp
is empty. It simply looks for explicit mounts right now.
PiperOrigin-RevId: 229607856
Change-Id: I10b6dae7ac157ef578efc4dfceb089f3b94cde06
2019-01-16 12:48:32 -08:00
BUILD Restore to original cgroup after sandbox and gofer processes are created 2019-01-09 09:18:15 -08:00
console_test.go Use correct company name in copyright header 2018-10-19 16:35:11 -07:00
container.go runsc: Collect zombies of sandbox and gofer processes 2019-01-11 10:32:26 -08:00
container_test.go Create working directory if it doesn't yet exist 2019-01-15 14:13:27 -08:00
fs.go Create working directory if it doesn't yet exist 2019-01-15 14:13:27 -08:00
fs_test.go Use correct company name in copyright header 2018-10-19 16:35:11 -07:00
hook.go Use correct company name in copyright header 2018-10-19 16:35:11 -07:00
multi_container_test.go Prevent internal tmpfs mount to override files in /tmp 2019-01-16 12:48:32 -08:00
status.go Use correct company name in copyright header 2018-10-19 16:35:11 -07:00
test_app.go Use correct company name in copyright header 2018-10-19 16:35:11 -07:00