author | Giuseppe Scrivano <gscrivan@redhat.com> | 2018-08-27 13:28:08 +0200 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-08-27 12:49:32 +0000 |
commit | bbbdd45b2c901aa58a1f40eb93957908df271bf5 (patch) | |
tree | 50411f0629b475cd753818ed1ccb5226d7570648 | |
parent | fe00977fa53bb457040d57f8bd797576fa6dbff7 (diff) | |
spec: bind mount /sys only when userNS are enabled
Fix the test for checking when /sys must be bind mounted from the
host. It should be done only when userNS are enabled (the
!UsernsMode.IsHost() check is not enough for that).
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1349
Approved by: rhatdan
-rw-r--r-- | pkg/spec/spec.go | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 8d8a07a2e..8038dd6ba 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -27,7 +27,10 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
 addCgroup := true
 canMountSys := true
- if !config.UsernsMode.IsHost() && config.NetMode.IsHost() {
+ isRootless := rootless.IsRootless()
+ inUserNS := isRootless || (len(config.IDMappings.UIDMap) > 0 || len(config.IDMappings.GIDMap) > 0) && !config.UsernsMode.IsHost()
+
+ if inUserNS && config.NetMode.IsHost() {
 canMountSys = false
 }
@@ -56,7 +59,7 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
 }
 g.AddMount(sysMnt)
 }
- if rootless.IsRootless() {
+ if isRootless {
 g.RemoveMount("/dev/pts")
 devPts := spec.Mount{
 Destination: "/dev/pts", |
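Review bot: The new `inUserNS` expression in the first hunk mixes `||` and `&&` with parentheses only around the `len(...)` pair, so a reader has to recall that `&&` binds tighter to see that `!config.UsernsMode.IsHost()` qualifies the ID-mapping test and not `isRootless`. Going by the commit message, this boolean decides whether the container gets the host's /sys bind mounted, so I would name the parts: `hasIDMappings := len(config.IDMappings.UIDMap) > 0 || len(config.IDMappings.GIDMap) > 0` followed by `inUserNS := isRootless || (hasIDMappings && !config.UsernsMode.IsHost())`, with a comment above such as `// in a user namespace with host networking /sys is bind mounted from the host instead of mounted fresh`. If `config.IDMappings` is a pointer (its declaration is not visible in this hunk), it also needs a nil check before the `len` calls. The diffstat lists only spec.go, so a unit test covering the rootless, ID-mapped and host-userns configurations would pin the condition; the body of CreateConfigToOCISpec continues outside the hunk.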