From 068b9f8f5dec46b222470f6d3f03244ba5b65f5c Mon Sep 17 00:00:00 2001 From: NymanRobin Date: Thu, 2 May 2024 11:20:01 +0300 Subject: [PATCH] Compare mount by value instead of reference This has to be since the mounts are reloaded each time a mount is added. In case of two mounts mounting at the same time there will be a race condition for applying policy. Signed-off-by: NymanRobin --- actions/policy.go | 5 +++-- filesystem/mountpoint_test.go | 19 +++++++++++++++++++ 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/actions/policy.go b/actions/policy.go index c6217256..d745f8be 100644 --- a/actions/policy.go +++ b/actions/policy.go @@ -24,6 +24,7 @@ import ( "log" "os" "os/user" + "reflect" "github.com/pkg/errors" "google.golang.org/protobuf/proto" @@ -452,7 +453,7 @@ func (policy *Policy) AddProtector(protector *Protector) error { // If the protector is on a different filesystem, we need to add a link // to it on the policy's filesystem. - if policy.Context.Mount != protector.Context.Mount { + if !reflect.DeepEqual(policy.Context.Mount, protector.Context.Mount) { log.Printf("policy on %s\n protector on %s\n", policy.Context.Mount, protector.Context.Mount) ownerIfCreating, err := getOwnerOfMetadataForProtector(protector) if err != nil { @@ -525,7 +526,7 @@ func (policy *Policy) RemoveProtector(protectorDescriptor string) error { func (policy *Policy) Apply(path string) error { if pathMount, err := filesystem.FindMount(path); err != nil { return err - } else if pathMount != policy.Context.Mount { + } else if !reflect.DeepEqual(pathMount, policy.Context.Mount) { return &ErrDifferentFilesystem{policy.Context.Mount, pathMount} } diff --git a/filesystem/mountpoint_test.go b/filesystem/mountpoint_test.go index f06219c1..fd7e05d5 100644 --- a/filesystem/mountpoint_test.go +++ b/filesystem/mountpoint_test.go @@ -27,6 +27,7 @@ import ( "fmt" "os" "path/filepath" + "reflect" "strings" "testing" ) @@ -544,3 +545,21 @@ func BenchmarkLoadFirst(b *testing.B) { } } } + +// Test mount comparison by values instead of by reference, +// as the map mountsByDevice gets recreated on each load. +// This ensures that concurrent mounts work properly. +func TestMountComparison(t *testing.T) { + var mountinfo = ` +15 0 259:3 / /home rw,relatime shared:1 - ext4 /dev/root rw,data=ordered +` + beginLoadMountInfoTest() + defer endLoadMountInfoTest() + loadMountInfoFromString(mountinfo) + firstMnt := mountForDevice("259:3") + loadMountInfoFromString(mountinfo) + secondMnt := mountForDevice("259:3") + if !reflect.DeepEqual(firstMnt, secondMnt) { + t.Errorf("Mount comparison does not work") + } +}