diff options
author | Giuseppe Scrivano <gscrivan@redhat.com> | 2018-06-01 13:10:14 +0200 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-06-15 14:53:18 +0000 |
commit | 1e8ef3c89756fbc7a9263c3c6c211c818c814c81 (patch) | |
tree | 2bdbb2dd3a882c05b90d0e81e23571c3ce757053 | |
parent | ca03627a801fbaa0e55d498f05b8ca69addd7266 (diff) | |
download | podman-1e8ef3c89756fbc7a9263c3c6c211c818c814c81.tar.gz podman-1e8ef3c89756fbc7a9263c3c6c211c818c814c81.tar.bz2 podman-1e8ef3c89756fbc7a9263c3c6c211c818c814c81.zip |
container: do not add shm in rootless mode
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #871
Approved by: mheon
-rw-r--r-- | libpod/container_internal.go | 33 |
1 files changed, 17 insertions, 16 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go index b3e474836..4f5d7f0fd 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -685,26 +685,27 @@ func (c *Container) mountStorage() (err error) { return nil } - // TODO: generalize this mount code so it will mount every mount in ctr.config.Mounts - - mounted, err := mount.Mounted(c.config.ShmDir) - if err != nil { - return errors.Wrapf(err, "unable to determine if %q is mounted", c.config.ShmDir) - } - - if err := os.Chown(c.config.ShmDir, c.RootUID(), c.RootGID()); err != nil { - return err - } - - if !mounted { - shmOptions := fmt.Sprintf("mode=1777,size=%d", c.config.ShmSize) - if err := unix.Mount("shm", c.config.ShmDir, "tmpfs", unix.MS_NOEXEC|unix.MS_NOSUID|unix.MS_NODEV, - label.FormatMountLabel(shmOptions, c.config.MountLabel)); err != nil { - return errors.Wrapf(err, "failed to mount shm tmpfs %q", c.config.ShmDir) + if os.Getuid() == 0 { + // TODO: generalize this mount code so it will mount every mount in ctr.config.Mounts + mounted, err := mount.Mounted(c.config.ShmDir) + if err != nil { + return errors.Wrapf(err, "unable to determine if %q is mounted", c.config.ShmDir) } + if err := os.Chown(c.config.ShmDir, c.RootUID(), c.RootGID()); err != nil { return errors.Wrapf(err, "failed to chown %s", c.config.ShmDir) } + + if !mounted { + shmOptions := fmt.Sprintf("mode=1777,size=%d", c.config.ShmSize) + if err := unix.Mount("shm", c.config.ShmDir, "tmpfs", unix.MS_NOEXEC|unix.MS_NOSUID|unix.MS_NODEV, + label.FormatMountLabel(shmOptions, c.config.MountLabel)); err != nil { + return errors.Wrapf(err, "failed to mount shm tmpfs %q", c.config.ShmDir) + } + if err := os.Chown(c.config.ShmDir, c.RootUID(), c.RootGID()); err != nil { + return errors.Wrapf(err, "failed to chown %s", c.config.ShmDir) + } + } } mountPoint := c.config.Rootfs |