d739948989
This PR will add an option to mount: - `/etc/group` - `/etc/passwd` Signed-off-by: Matthew Penner <me@matthewp.io>
90 lines
2.7 KiB
Go
90 lines
2.7 KiB
Go
package server
|
|
|
|
import (
|
|
"path/filepath"
|
|
"strings"
|
|
|
|
"github.com/apex/log"
|
|
|
|
"github.com/pterodactyl/wings/config"
|
|
"github.com/pterodactyl/wings/environment"
|
|
)
|
|
|
|
// To avoid confusion when working with mounts, assume that a server.Mount has not been properly
|
|
// cleaned up and had the paths set. An environment.Mount should only be returned with valid paths
|
|
// that have been checked.
|
|
type Mount environment.Mount
|
|
|
|
// Returns the default container mounts for the server instance. This includes the data directory
|
|
// for the server. Previously this would also mount in host timezone files, however we've moved from
|
|
// that approach to just setting `TZ=Timezone` environment values in containers which should work
|
|
// in most scenarios.
|
|
func (s *Server) Mounts() []environment.Mount {
|
|
m := []environment.Mount{
|
|
{
|
|
Default: true,
|
|
Target: "/home/container",
|
|
Source: s.Filesystem().Path(),
|
|
ReadOnly: false,
|
|
},
|
|
}
|
|
|
|
// Handle mounting a generated `/etc/passwd` if the feature is enabled.
|
|
if passwd := config.Get().System.Passwd; passwd.Enable {
|
|
s.Log().WithFields(log.Fields{"source_path": passwd.Directory}).Info("mouting generated /etc/{group,passwd} to workaround UID/GID issues")
|
|
m = append(m, environment.Mount{
|
|
Source: filepath.Join(passwd.Directory, "group"),
|
|
Target: "/etc/group",
|
|
ReadOnly: true,
|
|
})
|
|
m = append(m, environment.Mount{
|
|
Source: filepath.Join(passwd.Directory, "passwd"),
|
|
Target: "/etc/passwd",
|
|
ReadOnly: true,
|
|
})
|
|
}
|
|
|
|
// Also include any of this server's custom mounts when returning them.
|
|
return append(m, s.customMounts()...)
|
|
}
|
|
|
|
// Returns the custom mounts for a given server after verifying that they are within a list of
|
|
// allowed mount points for the node.
|
|
func (s *Server) customMounts() []environment.Mount {
|
|
var mounts []environment.Mount
|
|
|
|
// TODO: probably need to handle things trying to mount directories that do not exist.
|
|
for _, m := range s.Config().Mounts {
|
|
source := filepath.Clean(m.Source)
|
|
target := filepath.Clean(m.Target)
|
|
|
|
logger := s.Log().WithFields(log.Fields{
|
|
"source_path": source,
|
|
"target_path": target,
|
|
"read_only": m.ReadOnly,
|
|
})
|
|
|
|
mounted := false
|
|
for _, allowed := range config.Get().AllowedMounts {
|
|
// Check if the source path is included in the allowed mounts list.
|
|
// filepath.Clean will strip all trailing slashes (unless the path is a root directory).
|
|
if !strings.HasPrefix(source, filepath.Clean(allowed)) {
|
|
continue
|
|
}
|
|
mounted = true
|
|
mounts = append(mounts, environment.Mount{
|
|
Source: source,
|
|
Target: target,
|
|
ReadOnly: m.ReadOnly,
|
|
})
|
|
break
|
|
}
|
|
|
|
if !mounted {
|
|
logger.Warn("skipping custom server mount, not in list of allowed mount points")
|
|
}
|
|
}
|
|
|
|
return mounts
|
|
}
|