update list of internal volumes and variables

2020-11-17 08:27:58 -05:00
parent f213588b27
commit c8b3a362a2
1 changed files with 23 additions and 0 deletions
--- a/engine/compiler/util.go
+++ b/engine/compiler/util.go
@@ -146,11 +146,14 @@ func isRestrictedVolume(path string) bool {
 	switch {
 	case path == "/":
 	case path == "/var":
+	case path == "/etc":
 	case strings.Contains(path, "/var/run"):
 	case strings.Contains(path, "/proc"):
 	case strings.Contains(path, "/mount"):
 	case strings.Contains(path, "/bin"):
 	case strings.Contains(path, "/usr/local/bin"):
+	case strings.Contains(path, "/usr/local/sbin"):
+	case strings.Contains(path, "/usr/bin"):
 	case strings.Contains(path, "/mnt"):
 	case strings.Contains(path, "/media"):
 	case strings.Contains(path, "/sys"):
@@ -161,3 +164,23 @@ func isRestrictedVolume(path string) bool {
 	}
 	return true
 }
+
+// helper function returns true if the environment variable
+// is restricted for internal-use only.
+func isRestrictedVariable(env map[string]*manifest.Variable) bool {
+	for _, name := range restrictedVars {
+		if _, ok := env[name]; ok {
+			return true
+		}
+	}
+	return false
+}
+
+// list of restricted variables
+var restrictedVars = []string{
+	"XDG_RUNTIME_DIR",
+	"DOCKER_OPTS",
+	"DOCKER_HOST",
+	"PATH",
+	"HOME",
+}