author | Giuseppe Scrivano <gscrivan@redhat.com> | 2018-08-15 17:08:27 +0200 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-08-15 15:30:15 +0000 |
commit | 0ddb42b4f7bffe8f0d3f8415717b94beed8a8545 (patch) | |
tree | 3478459aa10fd0644905c0091f1190d0013cc57b | |
parent | 883aea51a3dee4398ec25806afa0bb3c9605696e (diff) | |
spec: bind mount /sys only for rootless containers
root can always mount a new instance.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1279
Approved by: rhatdan
-rw-r--r-- | pkg/spec/spec.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index bceae4677..231cb59fc 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -35,7 +35,7 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
 Options: []string{"nosuid", "noexec", "nodev", "rw"},
 }
 g.AddMount(sysMnt)
- } else if !config.UsernsMode.IsHost() && config.NetMode.IsHost() {
+ } else if rootless.IsRootless() && !config.UsernsMode.IsHost() && config.NetMode.IsHost() {
 addCgroup = false
 g.RemoveMount("/sys")
 sysMnt := spec.Mount{ |
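Review bot: The added `rootless.IsRootless()` guard on the `else if` means a rootful container with a private user namespace and host networking no longer takes the bind-mount branch, and presumably falls through to mounting a fresh sysfs with `addCgroup` left enabled. The kernel only permits a new sysfs mount when the mounting process holds CAP_SYS_ADMIN in the user namespace that owns its network namespace, so if the runtime performs that mount from inside the new user namespace while still in the host netns, it may fail with EPERM; this combination should be confirmed with a test before relying on "root can always mount a new instance". The branch also has no comment explaining the condition, so I would add one such as `// sysfs can only be mounted fresh by a process privileged over the netns owner; otherwise bind mount the host /sys`. The body of CreateConfigToOCISpec starts and ends outside the hunk, so the fall-through path and the bind mount's options are not visible here.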