prevent mounting run/drone directory

2019-11-08 12:20:50 -08:00
parent e699edd0e1
commit 6dace0adc9
4 changed files with 32 additions and 0 deletions
--- a/engine/linter/linter_test.go
+++ b/engine/linter/linter_test.go
@@ -48,6 +48,14 @@ func TestLint(t *testing.T) {
 			invalid: true,
 			message: "linter: invalid volume name: _docker_socket",
 		},
+		// user should not be trying to mount internal or restricted
+		// volume paths.
+		{
+			path:    "testdata/volume_restricted.yml",
+			trusted: false,
+			invalid: true,
+			message: "linter: cannot mount volume at /run/drone",
+		},
 		// user should not be able to mount host path
 		// volumes unless the repository is trusted.
 		{