authorGiuseppe Scrivano <gscrivan@redhat.com>2018-08-27 13:28:08 +0200
committerAtomic Bot <atomic-devel@projectatomic.io>2018-08-27 12:49:32 +0000
commitbbbdd45b2c901aa58a1f40eb93957908df271bf5 (patch)
tree50411f0629b475cd753818ed1ccb5226d7570648
parentfe00977fa53bb457040d57f8bd797576fa6dbff7 (diff)
spec: bind mount /sys only when userNS are enabled
Fix the test that decides when /sys must be bind mounted from the host. This should be done only when user namespaces are enabled (the !UsernsMode.IsHost() check alone is not enough to establish that). Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1349 Approved by: rhatdan
-rw-r--r--pkg/spec/spec.go7
1 files changed, 5 insertions, 2 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 8d8a07a2e..8038dd6ba 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -27,7 +27,10 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
addCgroup := true
canMountSys := true
- if !config.UsernsMode.IsHost() && config.NetMode.IsHost() {
+ isRootless := rootless.IsRootless()
+ inUserNS := isRootless || (len(config.IDMappings.UIDMap) > 0 || len(config.IDMappings.GIDMap) > 0) && !config.UsernsMode.IsHost()
+
+ if inUserNS && config.NetMode.IsHost() {
canMountSys = false
}
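Review bot: The added `inUserNS` line mixes `||` and `&&` with parentheses only around the inner `||`, so whether the rootless case is also gated by `!config.UsernsMode.IsHost()` depends on the reader recalling that `&&` binds tighter than `||` in Go. Because this value decides whether the host's /sys is bind mounted into the container, I would make the grouping explicit: `hasIDMappings := len(config.IDMappings.UIDMap) > 0 || len(config.IDMappings.GIDMap) > 0` followed by `inUserNS := isRootless || (hasIDMappings && !config.UsernsMode.IsHost())`. A comment above the `if` such as `// sysfs can only be mounted from a user namespace that owns the network namespace; with the host netns, fall back to bind mounting the host /sys` would record why `canMountSys` is cleared. The options applied to that bind mount are not visible in this hunk, so it is worth confirming elsewhere in the function that the host /sys is not exposed writable. CreateConfigToOCISpec begins before and continues past the hunk.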
@@ -56,7 +59,7 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
}
g.AddMount(sysMnt)
}
- if rootless.IsRootless() {
+ if isRootless {
g.RemoveMount("/dev/pts")
devPts := spec.Mount{
Destination: "/dev/pts",