diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-07-28 15:06:27 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-07-28 15:06:27 +0200 |
| commit | 1176c41a600ecec1cfdce62af66a249e1bb92a41 (patch) | |
| tree | c34eb41d2d33e30b76ded7d64ede49161220dd99 | |
| parent | 6c5966cf3cbfa15602ba2d9ef57284f2669a321d (diff) | |
| parent | 67d439197ea5945333991a037abd0d0deda78bd3 (diff) | |
| download | podman-1176c41a600ecec1cfdce62af66a249e1bb92a41.tar.gz podman-1176c41a600ecec1cfdce62af66a249e1bb92a41.tar.bz2 podman-1176c41a600ecec1cfdce62af66a249e1bb92a41.zip | |
Merge pull request #11056 from giuseppe/warning-root-no-shared
rootless: check that / is mounted as shared
| -rw-r--r-- | pkg/rootless/rootless_linux.go | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go index f76eab0e3..9ef56acb4 100644 --- a/pkg/rootless/rootless_linux.go +++ b/pkg/rootless/rootless_linux.go @@ -14,11 +14,13 @@ import ( "os/user" "runtime" "strconv" + "strings" "sync" "unsafe" "github.com/containers/podman/v3/pkg/errorhandling" "github.com/containers/storage/pkg/idtools" + pmount "github.com/containers/storage/pkg/mount" "github.com/containers/storage/pkg/unshare" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -235,6 +237,24 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ boo return false, 0, nil } + if mounts, err := pmount.GetMounts(); err == nil { + for _, m := range mounts { + if m.Mountpoint == "/" { + isShared := false + for _, o := range strings.Split(m.Optional, ",") { + if strings.HasPrefix(o, "shared:") { + isShared = true + break + } + } + if !isShared { + logrus.Warningf("%q is not a shared mount, this could cause issues or missing mounts with rootless containers", m.Mountpoint) + } + break + } + } + } + cPausePid := C.CString(pausePid) defer C.free(unsafe.Pointer(cPausePid)) |