fox-it · Schamper · Sep 23, 2024 · Sep 19, 2024 · Sep 19, 2024 · Sep 23, 2024
diff --git a/dissect/target/filesystems/overlay.py b/dissect/target/filesystems/overlay.py
@@ -89,15 +89,25 @@
 
         # append and mount every layer
         for dest, layer in layers:
-            if layer.is_file() and dest in ["/etc/hosts", "/etc/hostname", "/etc/resolv.conf"]:
+            # we could have collected a layer reference that actually does not exist on the host
+            if not layer.exists():
+                log.warning(
+                    "Can not mount layer %s for container %s as it does not exist on the host", layer, path.name
+                )
+                continue
+
+            # mount points can be files
+            if layer.is_file():
                 layer_fs = VirtualFilesystem()
-                layer_fs.map_file_fh("/etc/" + layer.name, layer.open("rb"))
-                dest = dest.split("/")[0]
+                layer_fs.map_file_fh(dest, layer.open("rb"))
 
+            # regular overlay2 layers are directories
+            # mount points can be directories too
             else:
                 layer_fs = DirectoryFilesystem(layer)
 
-            self.append_layer().mount(dest, layer_fs)
+            log.info("Adding layer %s to destination %s", layer, dest)
+            self.append_layer().mount("/" if layer.is_file() else dest, layer_fs)
 
     def __repr__(self) -> str:
         return f"<{self.__class__.__name__} {self.base_path}>"
diff --git a/tests/_data/plugins/apps/container/docker/docker.tgz b/tests/_data/plugins/apps/container/docker/docker.tgz
diff --git a/tests/filesystems/test_overlay.py b/tests/filesystems/test_overlay.py
@@ -3,11 +3,13 @@
 
 
 def test_overlay_filesystem_docker_container(target_linux_docker: Target) -> None:
-    mount_path = list(target_linux_docker.fs.path("/var/lib/docker/image/overlay2/layerdb/mounts/").iterdir())[0]
+    mount_path = target_linux_docker.fs.path(
+        "/var/lib/docker/image/overlay2/layerdb/mounts/f988f88e221d97930a665712cf16ab520f7e2c5af395660c145df93aebedf071"  # noqa: E501
+    )
     fs = Overlay2Filesystem(mount_path)
 
     assert fs.__type__ == "overlay2"
-    assert len(fs.layers) == 4
+    assert len(fs.layers) == 9
 
     assert sorted([str(p) for p in fs.path("/").iterdir()]) == sorted(
         [
@@ -29,13 +31,14 @@ def test_overlay_filesystem_docker_container(target_linux_docker: Target) -> Non
             "/usr",
             "/srv",
             "/.dockerenv",
+            "/container",
         ]
     )
 
-    assert [str(p) for p in fs.path("/root").iterdir()] == [
-        "/root/secret.txt",
-        "/root/file.txt",
+    assert sorted([str(p) for p in fs.path("/root").iterdir()]) == [
         "/root/.ash_history",
+        "/root/file.txt",
+        "/root/secret.txt",
     ]
 
     assert fs.path("/root/secret.txt").open().read() == b"this is a secret!\n"
@@ -47,3 +50,19 @@ def test_overlay_filesystem_docker_container(target_linux_docker: Target) -> Non
     assert fs.path("/bin/sh").readlink() == fs.path("/bin/busybox")
     assert fs.path("/etc/ssl/cert.pem").resolve() == fs.path("/etc/ssl/certs/ca-certificates.crt")
     assert fs.path("/usr/lib/libcrypto.so.3").resolve() == fs.path("/lib/libcrypto.so.3")
+
+    # test if standard mounts were correctly added
+    assert fs.path("/etc/hostname").exists()
+    assert fs.path("/etc/hostname").is_file()
+    assert fs.path("/etc/hostname").read_text() == "f988f88e221d\n"
+    assert fs.path("/etc/hosts").exists()
+    assert fs.path("/etc/resolv.conf").exists()
+
+    # test if custom mounts were correctly added
+    assert fs.path("/container/file.txt").exists()
+    assert fs.path("/container/file.txt").is_file()
+    assert fs.path("/container/file.txt").read_text() == "this is a mounted file!\n"
+    assert fs.path("/container/folder").exists()
+    assert fs.path("/container/folder").is_dir()
+    assert fs.path("/container/folder/some-file.txt").exists()
+    assert fs.path("/container/folder/some-file.txt").is_file()
diff --git a/tests/plugins/child/test_docker.py b/tests/plugins/child/test_docker.py
@@ -4,11 +4,13 @@
 
 def test_plugins_child_docker(target_linux_docker: Target) -> None:
     target_linux_docker.add_plugin(DockerChildTargetPlugin)
-    children = list(target_linux_docker.list_children())
+    children = sorted(list(target_linux_docker.list_children()), key=lambda r: r.path)
 
     assert len(children) == 3
     assert children[0].type == "docker"
-    assert (
-        children[0].path
-        == "/var/lib/docker/image/overlay2/layerdb/mounts/f988f88e221d97930a665712cf16ab520f7e2c5af395660c145df93aebedf071"  # noqa: E501
-    )
+
+    assert [c.path for c in children] == [
+        "/var/lib/docker/image/overlay2/layerdb/mounts/01b646bc043eb4ad72f3a64b4ffd9be2cbeb399e0a07497d749d724460ccad3a",  # noqa: E501
+        "/var/lib/docker/image/overlay2/layerdb/mounts/589135d12011921ac6ce69753569da5f206f4bc792a9133727ddae860997ee66",  # noqa: E501
+        "/var/lib/docker/image/overlay2/layerdb/mounts/f988f88e221d97930a665712cf16ab520f7e2c5af395660c145df93aebedf071",  # noqa: E501
+    ]