summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2019-10-24 01:07:51 +0200
committerGitHub <noreply@github.com>2019-10-24 01:07:51 +0200
commit299a430759c236400188dcf77c7da2a97649cdcb (patch)
tree6b231af063a8e09c90dd1351cd66e9a5ebfa1f64
parent4b8832a9af85471bab64963bea42d8e54fad0877 (diff)
parent57eaea9539bb18d683cbac28a6a1b1b09e744944 (diff)
downloadpodman-299a430759c236400188dcf77c7da2a97649cdcb.tar.gz
podman-299a430759c236400188dcf77c7da2a97649cdcb.tar.bz2
podman-299a430759c236400188dcf77c7da2a97649cdcb.zip
Merge pull request #4329 from mheon/no_noexec_image_volume
Image volumes should not be mounted noexec
-rw-r--r--pkg/spec/storage.go4
-rw-r--r--test/e2e/run_volume_test.go7
2 files changed, 9 insertions, 2 deletions
diff --git a/pkg/spec/storage.go b/pkg/spec/storage.go
index a394a19ae..095534589 100644
--- a/pkg/spec/storage.go
+++ b/pkg/spec/storage.go
@@ -738,13 +738,13 @@ func (config *CreateConfig) getImageVolumes() (map[string]spec.Mount, map[string
Destination: cleanDest,
Source: TypeTmpfs,
Type: TypeTmpfs,
- Options: []string{"rprivate", "rw", "nodev"},
+ Options: []string{"rprivate", "rw", "nodev", "exec"},
}
mounts[vol] = mount
} else {
// Anonymous volumes have no name.
namedVolume := new(libpod.ContainerNamedVolume)
- namedVolume.Options = []string{"rprivate", "rw", "nodev"}
+ namedVolume.Options = []string{"rprivate", "rw", "nodev", "exec"}
namedVolume.Dest = cleanDest
volumes[vol] = namedVolume
}
diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go
index d04eb07b3..c96059787 100644
--- a/test/e2e/run_volume_test.go
+++ b/test/e2e/run_volume_test.go
@@ -357,4 +357,11 @@ var _ = Describe("Podman run with volumes", func() {
Expect(len(arr2)).To(Equal(1))
Expect(arr2[0]).To(Equal(volName))
})
+
+ It("podman run image volume is not noexec", func() {
+ session := podmanTest.Podman([]string{"run", "--rm", redis, "grep", "/data", "/proc/self/mountinfo"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(Not(ContainSubstring("noexec")))
+ })
})