Update restrict.Restrict to both show the error message when failing to mount /dev/null over /proc/kcore, and to ignore "not exists" errors while doing so (for when CONFIG_PROC_KCORE=n in the kernel)

tianon · tianon · commit b64310a3ce47 · 2014-05-08T01:03:45.000-06:00
Docker-DCO-1.1-Signed-off-by: Andrew Page &lt;admwiggin@gmail.com&gt; (github: tianon)
diff --git a/security/restrict/restrict.go b/security/restrict/restrict.go
@@ -4,6 +4,7 @@ package restrict
 
 import (
 	"fmt"
+	"os"
 	"syscall"
 
 	"github.com/dotcloud/docker/pkg/system"
@@ -18,8 +19,8 @@ func Restrict(mounts ...string) error {
 			return fmt.Errorf("unable to remount %s readonly: %s", dest, err)
 		}
 	}
-	if err := system.Mount("/dev/null", "/proc/kcore", "", syscall.MS_BIND, ""); err != nil {
-		return fmt.Errorf("unable to bind-mount /dev/null over /proc/kcore")
+	if err := system.Mount("/dev/null", "/proc/kcore", "", syscall.MS_BIND, ""); err != nil && !os.IsNotExist(err) {
+		return fmt.Errorf("unable to bind-mount /dev/null over /proc/kcore: %s", err)
 	}
 	return nil
 }

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@ package restrict`
`4`	`4`
`5`	`5`	`import (`
`6`	`6`	`"fmt"`
	`7`	`+ "os"`
`7`	`8`	`"syscall"`
`8`	`9`
`9`	`10`	`"github.com/dotcloud/docker/pkg/system"`
`@@ -18,8 +19,8 @@ func Restrict(mounts ...string) error {`
`18`	`19`	`return fmt.Errorf("unable to remount %s readonly: %s", dest, err)`
`19`	`20`	`}`
`20`	`21`	`}`
`21`		`- if err := system.Mount("/dev/null", "/proc/kcore", "", syscall.MS_BIND, ""); err != nil {`
`22`		`- return fmt.Errorf("unable to bind-mount /dev/null over /proc/kcore")`
	`22`	`+ if err := system.Mount("/dev/null", "/proc/kcore", "", syscall.MS_BIND, ""); err != nil && !os.IsNotExist(err) {`
	`23`	`+ return fmt.Errorf("unable to bind-mount /dev/null over /proc/kcore: %s", err)`
`23`	`24`	`}`
`24`	`25`	`return nil`
`25`	`26`	`}`