diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2019-10-24 01:07:51 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-10-24 01:07:51 +0200 |
commit | 299a430759c236400188dcf77c7da2a97649cdcb (patch) | |
tree | 6b231af063a8e09c90dd1351cd66e9a5ebfa1f64 | |
parent | 4b8832a9af85471bab64963bea42d8e54fad0877 (diff) | |
parent | 57eaea9539bb18d683cbac28a6a1b1b09e744944 (diff) | |
download | podman-299a430759c236400188dcf77c7da2a97649cdcb.tar.gz podman-299a430759c236400188dcf77c7da2a97649cdcb.tar.bz2 podman-299a430759c236400188dcf77c7da2a97649cdcb.zip |
Merge pull request #4329 from mheon/no_noexec_image_volume
Image volumes should not be mounted noexec
-rw-r--r-- | pkg/spec/storage.go | 4 | ||||
-rw-r--r-- | test/e2e/run_volume_test.go | 7 |
2 files changed, 9 insertions, 2 deletions
diff --git a/pkg/spec/storage.go b/pkg/spec/storage.go index a394a19ae..095534589 100644 --- a/pkg/spec/storage.go +++ b/pkg/spec/storage.go @@ -738,13 +738,13 @@ func (config *CreateConfig) getImageVolumes() (map[string]spec.Mount, map[string Destination: cleanDest, Source: TypeTmpfs, Type: TypeTmpfs, - Options: []string{"rprivate", "rw", "nodev"}, + Options: []string{"rprivate", "rw", "nodev", "exec"}, } mounts[vol] = mount } else { // Anonymous volumes have no name. namedVolume := new(libpod.ContainerNamedVolume) - namedVolume.Options = []string{"rprivate", "rw", "nodev"} + namedVolume.Options = []string{"rprivate", "rw", "nodev", "exec"} namedVolume.Dest = cleanDest volumes[vol] = namedVolume } diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go index d04eb07b3..c96059787 100644 --- a/test/e2e/run_volume_test.go +++ b/test/e2e/run_volume_test.go @@ -357,4 +357,11 @@ var _ = Describe("Podman run with volumes", func() { Expect(len(arr2)).To(Equal(1)) Expect(arr2[0]).To(Equal(volName)) }) + + It("podman run image volume is not noexec", func() { + session := podmanTest.Podman([]string{"run", "--rm", redis, "grep", "/data", "/proc/self/mountinfo"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Not(ContainSubstring("noexec"))) + }) }) |