Compare mount by value instead of reference

This has to be since the mounts are reloaded
each time a mount is added. In case of two
mounts mounting at the same time there will
be a race condition for applying policy.

Signed-off-by: NymanRobin <robin.nyman@est.tech>

diff --git a/actions/policy.go b/actions/policy.go
index c621725628a344b63905ca9d241832155ebf9705..d745f8be63ea00e3c0ef36ee8a5ab563671cada3 100644 (file)
--- a/actions/policy.go
+++ b/actions/policy.go
@@ -24,6 +24,7 @@ import (
        "log"
        "os"
        "os/user"
+       "reflect"
 
        "github.com/pkg/errors"
        "google.golang.org/protobuf/proto"
@@ -452,7 +453,7 @@ func (policy *Policy) AddProtector(protector *Protector) error {
 
        // If the protector is on a different filesystem, we need to add a link
        // to it on the policy's filesystem.
-       if policy.Context.Mount != protector.Context.Mount {
+       if !reflect.DeepEqual(policy.Context.Mount, protector.Context.Mount) {
                log.Printf("policy on %s\n protector on %s\n", policy.Context.Mount, protector.Context.Mount)
                ownerIfCreating, err := getOwnerOfMetadataForProtector(protector)
                if err != nil {
@@ -525,7 +526,7 @@ func (policy *Policy) RemoveProtector(protectorDescriptor string) error {
 func (policy *Policy) Apply(path string) error {
        if pathMount, err := filesystem.FindMount(path); err != nil {
                return err
-       } else if pathMount != policy.Context.Mount {
+       } else if !reflect.DeepEqual(pathMount, policy.Context.Mount) {
                return &ErrDifferentFilesystem{policy.Context.Mount, pathMount}
        }
 

diff --git a/filesystem/mountpoint_test.go b/filesystem/mountpoint_test.go
index f06219c108c1feb2fcabeb7e66ca080e097c79ad..fd7e05d55389b95d4f3c38a289881a7aca5e15d6 100644 (file)
--- a/filesystem/mountpoint_test.go
+++ b/filesystem/mountpoint_test.go
@@ -27,6 +27,7 @@ import (
        "fmt"
        "os"
        "path/filepath"
+       "reflect"
        "strings"
        "testing"
 )
@@ -544,3 +545,21 @@ func BenchmarkLoadFirst(b *testing.B) {
                }
        }
 }
+
+// Test mount comparison by values instead of by reference,
+// as the map mountsByDevice gets recreated on each load.
+// This ensures that concurrent mounts work properly.
+func TestMountComparison(t *testing.T) {
+       var mountinfo = `
+15 0 259:3 / /home rw,relatime shared:1 - ext4 /dev/root rw,data=ordered
+`
+       beginLoadMountInfoTest()
+       defer endLoadMountInfoTest()
+       loadMountInfoFromString(mountinfo)
+       firstMnt := mountForDevice("259:3")
+       loadMountInfoFromString(mountinfo)
+       secondMnt := mountForDevice("259:3")
+       if !reflect.DeepEqual(firstMnt, secondMnt) {
+               t.Errorf("Mount comparison does not work")
+       }
+}