prevent mounting run/drone directory

2019-11-08 12:20:50 -08:00
parent e699edd0e1
commit 6dace0adc9
4 changed files with 32 additions and 0 deletions
--- a/engine/linter/linter.go
+++ b/engine/linter/linter.go
@@ -7,6 +7,8 @@ package linter
 import (
 	"errors"
 	"fmt"
+	"path/filepath"
+	"strings"

 	"github.com/drone-runners/drone-runner-docker/engine/resource"
 )
@@ -123,6 +125,9 @@ func checkStep(step *resource.Step, trusted bool) error {
 		case "workspace", "_workspace", "_docker_socket":
 			return fmt.Errorf("linter: invalid volume name: %s", mount.Name)
 		}
+		if strings.HasPrefix(filepath.Clean(mount.MountPath), "/run/drone") {
+			return fmt.Errorf("linter: cannot mount volume at /run/drone")
+		}
 	}
 	return nil
 }