Log if a mount isn't allowed
This commit is contained in:
Matthew Penner
parent
f3419495cd
commit
f7948939eb
|
|
@ -671,22 +671,17 @@ func (d *DockerEnvironment) Create() error {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var mounted bool
|
||||||
for _, m := range d.Server.Mounts {
|
for _, m := range d.Server.Mounts {
|
||||||
|
mounted = false
|
||||||
source := filepath.Clean(m.Source)
|
source := filepath.Clean(m.Source)
|
||||||
|
target := filepath.Clean(m.Target)
|
||||||
|
|
||||||
for _, allowed := range config.Get().AllowedMounts {
|
for _, allowed := range config.Get().AllowedMounts {
|
||||||
if !strings.HasPrefix(source, allowed) {
|
if !strings.HasPrefix(source, allowed) {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
target := filepath.Clean(m.Target)
|
|
||||||
|
|
||||||
log.WithFields(log.Fields{
|
|
||||||
"server": d.Server.Uuid,
|
|
||||||
"source": source,
|
|
||||||
"target": target,
|
|
||||||
"read_only": m.ReadOnly,
|
|
||||||
}).Debug("attaching mount to server's container")
|
|
||||||
mounts = append(mounts, mount.Mount{
|
mounts = append(mounts, mount.Mount{
|
||||||
Type: mount.TypeBind,
|
Type: mount.TypeBind,
|
||||||
|
|
||||||
|
|
@ -694,6 +689,21 @@ func (d *DockerEnvironment) Create() error {
|
||||||
Target: target,
|
Target: target,
|
||||||
ReadOnly: m.ReadOnly,
|
ReadOnly: m.ReadOnly,
|
||||||
})
|
})
|
||||||
|
|
||||||
|
mounted = true
|
||||||
|
break
|
||||||
|
}
|
||||||
|
|
||||||
|
log := log.WithFields(log.Fields{
|
||||||
|
"server": d.Server.Uuid,
|
||||||
|
"source_path": source,
|
||||||
|
"target_path": target,
|
||||||
|
"read_only": m.ReadOnly,
|
||||||
|
})
|
||||||
|
if mounted {
|
||||||
|
log.Debug("attaching mount to server's container")
|
||||||
|
} else {
|
||||||
|
log.Warn("skipping mount because it isn't allowed")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user