Log if a mount isn't allowed

This commit is contained in:
Matthew Penner 2020-07-04 16:20:58 -06:00
parent f3419495cd
commit f7948939eb

View File

@ -671,22 +671,17 @@ func (d *DockerEnvironment) Create() error {
}, },
} }
var mounted bool
for _, m := range d.Server.Mounts { for _, m := range d.Server.Mounts {
mounted = false
source := filepath.Clean(m.Source) source := filepath.Clean(m.Source)
target := filepath.Clean(m.Target)
for _, allowed := range config.Get().AllowedMounts { for _, allowed := range config.Get().AllowedMounts {
if !strings.HasPrefix(source, allowed) { if !strings.HasPrefix(source, allowed) {
continue continue
} }
target := filepath.Clean(m.Target)
log.WithFields(log.Fields{
"server": d.Server.Uuid,
"source": source,
"target": target,
"read_only": m.ReadOnly,
}).Debug("attaching mount to server's container")
mounts = append(mounts, mount.Mount{ mounts = append(mounts, mount.Mount{
Type: mount.TypeBind, Type: mount.TypeBind,
@ -694,6 +689,21 @@ func (d *DockerEnvironment) Create() error {
Target: target, Target: target,
ReadOnly: m.ReadOnly, ReadOnly: m.ReadOnly,
}) })
mounted = true
break
}
log := log.WithFields(log.Fields{
"server": d.Server.Uuid,
"source_path": source,
"target_path": target,
"read_only": m.ReadOnly,
})
if mounted {
log.Debug("attaching mount to server's container")
} else {
log.Warn("skipping mount because it isn't allowed")
} }
} }