Use IsRestrictedVolume from runner-go

2021-06-30 14:52:05 +02:00
parent e4064e6260
commit 3c1bfd3a84
3 changed files with 5 additions and 50 deletions
--- a/engine/compiler/util.go
+++ b/engine/compiler/util.go
@@ -5,11 +5,11 @@
 package compiler

 import (
-	"path/filepath"
 	"strings"

 	"github.com/drone-runners/drone-runner-docker/engine"
 	"github.com/drone-runners/drone-runner-docker/engine/resource"
+
 	"github.com/drone/drone-go/drone"
 	"github.com/drone/runner-go/manifest"
 )
@@ -138,33 +138,6 @@ func convertPullPolicy(s string) engine.PullPolicy {
 	}
 }

-// helper function returns true if mounting the volume
-// is restricted for un-trusted containers.
-func isRestrictedVolume(path string) bool {
-	path, _ = filepath.Abs(path)
-	path = strings.ToLower(path)
-	switch {
-	case path == "/":
-	case path == "/var":
-	case path == "/etc":
-	case strings.HasPrefix(path, "/var/run"):
-	case strings.HasPrefix(path, "/proc"):
-	case strings.HasPrefix(path, "/mount"):
-	case strings.HasPrefix(path, "/bin"):
-	case strings.HasPrefix(path, "/usr/local/bin"):
-	case strings.HasPrefix(path, "/usr/local/sbin"):
-	case strings.HasPrefix(path, "/usr/bin"):
-	case strings.HasPrefix(path, "/mnt"):
-	case strings.HasPrefix(path, "/media"):
-	case strings.HasPrefix(path, "/sys"):
-	case strings.HasPrefix(path, "/dev"):
-	case strings.HasPrefix(path, "/etc/docker"):
-	default:
-		return false
-	}
-	return true
-}
-
 // helper function returns true if the environment variable
 // is restricted for internal-use only.
 func isRestrictedVariable(env map[string]*manifest.Variable) bool {