summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2018-07-16 11:48:59 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2018-07-20 11:00:53 +0200
commitd4f14be3a7aa7b5b884906d764db3214e51b3e67 (patch)
tree7e198c5a0b9f07a1dc8537b5f172aee54563832a
parent45a92f8357de75d06c137e48ce61ab8054d5bc8e (diff)
downloadpodman-d4f14be3a7aa7b5b884906d764db3214e51b3e67.tar.gz
podman-d4f14be3a7aa7b5b884906d764db3214e51b3e67.tar.bz2
podman-d4f14be3a7aa7b5b884906d764db3214e51b3e67.zip
rootless: support a per-user mounts.conf
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r--docs/podman.1.md2
-rw-r--r--pkg/secrets/secrets.go7
2 files changed, 9 insertions, 0 deletions
diff --git a/docs/podman.1.md b/docs/podman.1.md
index 68a9e4e92..5581e0569 100644
--- a/docs/podman.1.md
+++ b/docs/podman.1.md
@@ -139,6 +139,8 @@ The format of the mounts.conf is the volume format /SRC:/DEST, one mount per lin
Note this is not a volume mount. The content of the volumes is copied into container storage, not bind mounted directly from the host.
+When Podman runs in rootless mode, the file `$HOME/.config/containers/mounts.conf` is also used.
+
**hook JSON** (`/usr/share/containers/oci/hooks.d/*.json`)
Each `*.json` file in `/usr/share/containers/oci/hooks.d` configures a hook for Podman containers. For more details on the syntax of the JSON files and the semantics of hook injection, see `oci-hooks(5)`.
diff --git a/pkg/secrets/secrets.go b/pkg/secrets/secrets.go
index f245b9512..bc63ece00 100644
--- a/pkg/secrets/secrets.go
+++ b/pkg/secrets/secrets.go
@@ -10,6 +10,7 @@ import (
rspec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
+ "github.com/projectatomic/libpod/pkg/rootless"
"github.com/sirupsen/logrus"
)
@@ -20,6 +21,9 @@ var (
// OverrideMountsFile holds the default mount paths in the form
// "host_path:container_path" overridden by the user
OverrideMountsFile = "/etc/containers/mounts.conf"
+ // UserOverrideMountsFile holds the default mount paths in the form
+ // "host_path:container_path" overridden by the rootless user
+ UserOverrideMountsFile = filepath.Join(os.Getenv("HOME"), ".config/containers/mounts.conf")
)
// secretData stores the name of the file and the content read from it
@@ -143,6 +147,9 @@ func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPre
// Note for testing purposes only
if mountFile == "" {
mountFiles = append(mountFiles, []string{OverrideMountsFile, DefaultMountsFile}...)
+ if rootless.IsRootless() {
+ mountFiles = append([]string{UserOverrideMountsFile}, mountFiles...)
+ }
} else {
mountFiles = append(mountFiles, mountFile)
}