Fix a bug in volume handling for multi-stage images. (#554)

We were previously not resetting the whitelist between stages, this caused issues with volumes.
2019-02-07 09:01:49 -06:00 · 2019-02-07 09:01:49 -06:00 · e14b660947
parent 82fe355f14
commit e14b660947
3 changed files with 10 additions and 2 deletions
--- a/integration/dockerfiles/Dockerfile_test_volume_3
+++ b/integration/dockerfiles/Dockerfile_test_volume_3
@ -0,0 +1,5 @@
+FROM scratch as one
+VOLUME /vol
+
+FROM alpine@sha256:5ce5f501c457015c4b91f91a15ac69157d9b06f1a75cf9107bf2b62e0843983a as two
+RUN mkdir /vol && echo hey > /vol/foo
--- a/integration/integration_test.go
+++ b/integration/integration_test.go
@ -218,7 +218,7 @@ func TestRun(t *testing.T) {

 			// container-diff
 			daemonDockerImage := daemonPrefix + dockerImage
-			containerdiffCmd := exec.Command("container-diff", "diff",
+			containerdiffCmd := exec.Command("container-diff", "diff", "--no-cache",
 				daemonDockerImage, kanikoImage,
 				"-q", "--type=file", "--type=metadata", "--json")
 			diff := RunCommand(containerdiffCmd, t)
--- a/pkg/util/fs_util.go
+++ b/pkg/util/fs_util.go
@ -42,7 +42,7 @@ type WhitelistEntry struct {
 	PrefixMatchOnly bool
 }

-var whitelist = []WhitelistEntry{
+var initialWhitelist = []WhitelistEntry{
 	{
 		Path:            "/kaniko",
 		PrefixMatchOnly: false,
@ -62,6 +62,8 @@ var whitelist = []WhitelistEntry{
 	},
 }

+var whitelist = initialWhitelist
+
 var excluded []string

 // GetFSFromImage extracts the layers of img to root
@ -328,6 +330,7 @@ func checkWhitelistRoot(root string) bool {
 // Where (5) is the mount point relative to the process's root
 // From: https://www.kernel.org/doc/Documentation/filesystems/proc.txt
 func DetectFilesystemWhitelist(path string) error {
+	whitelist = initialWhitelist
 	f, err := os.Open(path)
 	if err != nil {
 		return err