Skip to content
This repository has been archived by the owner on Dec 13, 2018. It is now read-only.

Commit

Permalink
Update restrict.Restrict to both show the error message when failing …
Browse files Browse the repository at this point in the history 
…to mount /dev/null over /proc/kcore, and to ignore "not exists" errors while doing so (for when CONFIG_PROC_KCORE=n in the kernel)

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
  • Loading branch information
@tianon
tianon committed May 8, 2014
1 parent 68de553 commit b64310a
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions security/restrict/restrict.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ package restrict

import (
"fmt"
"os"
"syscall"

"github.com/dotcloud/docker/pkg/system"
Expand All @@ -18,8 +19,8 @@ func Restrict(mounts ...string) error {
return fmt.Errorf("unable to remount %s readonly: %s", dest, err)
}
}
if err := system.Mount("/dev/null", "/proc/kcore", "", syscall.MS_BIND, ""); err != nil {
return fmt.Errorf("unable to bind-mount /dev/null over /proc/kcore")
if err := system.Mount("/dev/null", "/proc/kcore", "", syscall.MS_BIND, ""); err != nil && !os.IsNotExist(err) {
return fmt.Errorf("unable to bind-mount /dev/null over /proc/kcore: %s", err)
}
return nil
}

0 comments on commit b64310a

Please sign in to comment.