author | Giuseppe Scrivano <gscrivan@redhat.com> | 2018-08-27 12:32:43 +0200 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-08-27 12:49:32 +0000 |
commit | 5f0a1c1ff8e6b44566334567adeba0e8bba8c8d8 (patch) | |
tree | 20d96022241b6d6d989048b106ca31f855c53df6 | |
parent | bee654296baee423c43e903650e4b9ad568943c1 (diff) | |
rootless: fix --pid=host
Unfortunately this is not enough to get it working, as runc doesn't
allow bind mounting /proc.
Depends on: https://github.com/opencontainers/runc/pull/1832
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1349
Approved by: rhatdan
-rw-r--r-- | pkg/spec/spec.go | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index ac894c00c..255b70045 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -79,6 +79,16 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
 }
 g.AddMount(devMqueue)
 }
+ if inUserNS && config.PidMode.IsHost() {
+ g.RemoveMount("/proc")
+ procMount := spec.Mount{
+ Destination: "/proc",
+ Type: "bind",
+ Source: "/proc",
+ Options: []string{"rbind", "nosuid", "noexec", "nodev"},
+ }
+ g.AddMount(procMount)
+ }
 if addCgroup {
 cgroupMnt := spec.Mount{ |
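Review bot: The added `if inUserNS && config.PidMode.IsHost()` block swaps the container's procfs for a recursive bind of the host's `/proc`, but no comment says why or what that exposes. I would add something like `// Rootless with the host PID namespace: a fresh procfs presumably cannot be mounted from this user namespace, so bind the host /proc (rbind keeps its submounts).` above the block. Because the container then sees the host's procfs instance, it is worth confirming that the spec's masked and read-only `/proc` paths are still applied on top of this mount, and documenting that in the same comment. The commit message says this depends on a runc change, so a short reference to that requirement next to the block would help whoever debugs a failing `--pid=host` later. `CreateConfigToOCISpec` starts and ends outside the hunk, so how the mount interacts with user-supplied volumes at `/proc` cannot be judged from here.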