authorGiuseppe Scrivano <gscrivan@redhat.com>2018-08-15 17:08:27 +0200
committerAtomic Bot <atomic-devel@projectatomic.io>2018-08-15 15:30:15 +0000
commit0ddb42b4f7bffe8f0d3f8415717b94beed8a8545 (patch)
tree3478459aa10fd0644905c0091f1190d0013cc57b
parent883aea51a3dee4398ec25806afa0bb3c9605696e (diff)
spec: bind mount /sys only for rootless containers
root can always mount a new instance. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1279 Approved by: rhatdan
-rw-r--r--pkg/spec/spec.go2
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index bceae4677..231cb59fc 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -35,7 +35,7 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
Options: []string{"nosuid", "noexec", "nodev", "rw"},
}
g.AddMount(sysMnt)
- } else if !config.UsernsMode.IsHost() && config.NetMode.IsHost() {
+ } else if rootless.IsRootless() && !config.UsernsMode.IsHost() && config.NetMode.IsHost() {
addCgroup = false
g.RemoveMount("/sys")
sysMnt := spec.Mount{
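Review bot: With `rootless.IsRootless()` added to the `else if`, a container started by root with a non-host user namespace and host networking no longer takes the bind-mount branch; unless a later branch outside this hunk covers it, it keeps the default `/sys` mount and `addCgroup` is no longer cleared for it. The kernel ties permission to mount sysfs to the user namespace that owns the network namespace rather than to the invoking uid, so the premise that root can always mount a new instance may not hold for that combination; it deserves a test for root with a user namespace plus host network. If the restriction is kept, a comment on the condition would record the reason, e.g. `// rootless + private userns + host netns cannot mount a new sysfs, so bind-mount the host /sys`. CreateConfigToOCISpec starts and ends outside the hunk, so the first branch's condition and the bind mount's options are not visible here.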