From d60301edb88a4e182a10cd2becb3795b2dd13fab Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 8 May 2014 01:03:45 -0600 Subject: [PATCH] Update restrict.Restrict to both show the error message when failing to mount /dev/null over /proc/kcore, and to ignore "not exists" errors while doing so (for when CONFIG_PROC_KCORE=n in the kernel) Docker-DCO-1.1-Signed-off-by: Andrew Page (github: tianon) --- pkg/libcontainer/security/restrict/restrict.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkg/libcontainer/security/restrict/restrict.go b/pkg/libcontainer/security/restrict/restrict.go index e1296b1..361d076 100644 --- a/pkg/libcontainer/security/restrict/restrict.go +++ b/pkg/libcontainer/security/restrict/restrict.go @@ -4,6 +4,7 @@ package restrict import ( "fmt" + "os" "syscall" "github.com/dotcloud/docker/pkg/system" @@ -18,8 +19,8 @@ func Restrict(mounts ...string) error { return fmt.Errorf("unable to remount %s readonly: %s", dest, err) } } - if err := system.Mount("/dev/null", "/proc/kcore", "", syscall.MS_BIND, ""); err != nil { - return fmt.Errorf("unable to bind-mount /dev/null over /proc/kcore") + if err := system.Mount("/dev/null", "/proc/kcore", "", syscall.MS_BIND, ""); err != nil && !os.IsNotExist(err) { + return fmt.Errorf("unable to bind-mount /dev/null over /proc/kcore: %s", err) } return nil } -- 1.9.1