Merge pull request #1073 from Random-Liu/cherrypick-#1072-release-1.0

Random-Liu · web-flow · commit 5b8046c28ee1 · 2019-03-04T17:54:56.000-08:00
Cherrypick #1072 release 1.0
diff --git a/pkg/server/container_create.go b/pkg/server/container_create.go
@@ -192,7 +192,7 @@ func (c *criService) CreateContainer(ctx context.Context, r *runtime.CreateConta
 	if len(volumeMounts) > 0 {
 		mountMap := make(map[string]string)
 		for _, v := range volumeMounts {
-			mountMap[v.HostPath] = v.ContainerPath
+			mountMap[filepath.Clean(v.HostPath)] = v.ContainerPath
 		}
 		opts = append(opts, customopts.WithVolumes(mountMap))
 	}
@@ -723,7 +723,7 @@ func setOCIBindMountsPrivileged(g *generator) {
 	spec := g.Spec()
 	// clear readonly for /sys and cgroup
 	for i, m := range spec.Mounts {
-		if spec.Mounts[i].Destination == "/sys" && !spec.Root.Readonly {
+		if filepath.Clean(spec.Mounts[i].Destination) == "/sys" && !spec.Root.Readonly {
 			clearReadOnly(&spec.Mounts[i])
 		}
 		if m.Type == "cgroup" {
@@ -830,7 +830,7 @@ func defaultRuntimeSpec(id string) (*runtimespec.Spec, error) {
 	// TODO(random-liu): Mount tmpfs for /run and handle copy-up.
 	var mounts []runtimespec.Mount
 	for _, mount := range spec.Mounts {
-		if mount.Destination == "/run" {
+		if filepath.Clean(mount.Destination) == "/run" {
 			continue
 		}
 		mounts = append(mounts, mount)
diff --git a/pkg/server/container_create_test.go b/pkg/server/container_create_test.go
@@ -308,7 +308,8 @@ func TestContainerSpecWithExtraMounts(t *testing.T) {
 	config, sandboxConfig, imageConfig, specCheck := getCreateContainerTestData()
 	c := newTestCRIService()
 	mountInConfig := &runtime.Mount{
-		ContainerPath: "test-container-path",
+		// Test cleanpath
+		ContainerPath: "test-container-path/",
 		HostPath:      "test-host-path",
 		Readonly:      false,
 	}
@@ -335,7 +336,7 @@ func TestContainerSpecWithExtraMounts(t *testing.T) {
 	specCheck(t, testID, testSandboxID, testPid, spec)
 	var mounts, sysMounts, devMounts []runtimespec.Mount
 	for _, m := range spec.Mounts {
-		if m.Destination == "test-container-path" {
+		if strings.HasPrefix(m.Destination, "test-container-path") {
 			mounts = append(mounts, m)
 		} else if m.Destination == "/sys" {
 			sysMounts = append(sysMounts, m)
@@ -498,6 +499,21 @@ func TestGenerateVolumeMounts(t *testing.T) {
 				"/test-volume-2",
 			},
 		},
+		"should compare and return cleanpath": {
+			criMounts: []*runtime.Mount{
+				{
+					ContainerPath: "/test-volume-1",
+					HostPath:      "/test-hostpath-1",
+				},
+			},
+			imageVolumes: map[string]struct{}{
+				"/test-volume-1/": {},
+				"/test-volume-2/": {},
+			},
+			expectedMountDest: []string{
+				"/test-volume-2/",
+			},
+		},
 	} {
 		t.Logf("TestCase %q", desc)
 		config := &imagespec.ImageConfig{
diff --git a/pkg/server/helpers.go b/pkg/server/helpers.go
@@ -414,7 +414,7 @@ func checkSelinuxLevel(level string) (bool, error) {
 // isInCRIMounts checks whether a destination is in CRI mount list.
 func isInCRIMounts(dst string, mounts []*runtime.Mount) bool {
 	for _, m := range mounts {
-		if m.ContainerPath == dst {
+		if filepath.Clean(m.ContainerPath) == filepath.Clean(dst) {
 			return true
 		}
 	}

Original file line number	Diff line number	Diff line change
`@@ -414,7 +414,7 @@ func checkSelinuxLevel(level string) (bool, error) {`
`414`	`414`	`// isInCRIMounts checks whether a destination is in CRI mount list.`
`415`	`415`	`func isInCRIMounts(dst string, mounts []*runtime.Mount) bool {`
`416`	`416`	`for _, m := range mounts {`
`417`		`- if m.ContainerPath == dst {`
	`417`	`+ if filepath.Clean(m.ContainerPath) == filepath.Clean(dst) {`
`418`	`418`	`return true`
`419`	`419`	`}`
`420`	`420`	`}`