Skip to content

Add masked and readonly paths #364

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mrunalp merged 1 commit into from
Apr 1, 2016
Merged

Add masked and readonly paths #364

mrunalp merged 1 commit into from
Apr 1, 2016

Conversation

@crosbymichael
Copy link
Member

@crosbymichael crosbymichael commented Apr 1, 2016

Fixes #320

This adds the maskedPaths and readonlyPaths fields to the spec so that
proper masking and setting of files in /proc can be configured.

Signed-off-by: Michael Crosby crosbymichael@gmail.com

vishh
vishh reviewed Apr 1, 2016
View reviewed changes
specs-go/config.go Outdated
// RootfsPropagation is the rootfs mount propagation mode for the container.
RootfsPropagation string `json:"rootfsPropagation,omitempty"`
// MaskedPaths masks over the provided paths inside the container.
MaskedPaths []string `json:"maskedPaths"`
Copy link
Contributor

@vishh vishh Apr 1, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Add omitempty here and below

@vishh
Copy link
Contributor

vishh commented Apr 1, 2016

LGTM

wking
wking reviewed Apr 1, 2016
View reviewed changes
config-linux.md Outdated

## Readonly Paths

readonlyPaths will set the provieded paths as readonly inside the container.
Copy link
Contributor

@wking wking Apr 1, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

“provieded” → “provided”. And probably readonlyPaths (and similar for your earlier maskedPaths docs) to match the rest of the spec.

@wking
Copy link
Contributor

wking commented Apr 1, 2016

On Thu, Mar 31, 2016 at 05:15:51PM -0700, Michael Crosby wrote:

This adds the maskedPaths and readonlyPaths fields to the spec so
that proper masking and setting of files in /proc can be configured.

I'm still not sure we need these 1, but if they're going in, should
they also come with JSON Schema entries? Or is the policy there
@vbatts does his best to keep them up to date on his own” 2 ;)?

@crosbymichael
Add masked and readonly paths
adcbe53 
Fixes opencontainers#320

This adds the maskedPaths and readonlyPaths fields to the spec so that
proper masking and setting of files in /proc can be configured.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
@crosbymichael
Copy link
Member Author

crosbymichael commented Apr 1, 2016

@vbatts i tried to updated the scheme stuff, let me know if I did it wrong

@mrunalp
Copy link
Contributor

mrunalp commented Apr 1, 2016

The schema changes look good. (I also tested them using the validate tool).
LGTM

@mrunalp mrunalp merged commit 93ca97e into opencontainers:master Apr 1, 2016
@crosbymichael crosbymichael deleted the masked-paths branch April 1, 2016 19:02
@thaJeztah thaJeztah mentioned this pull request Apr 4, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@crosbymichael @vishh @wking @mrunalp