aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2017-11-05 22:01:54 +0000
committerAtomic Bot <atomic-devel@projectatomic.io>2017-11-06 14:43:06 +0000
commit006a8bd6f341358bd2917c69466fb5968de78d99 (patch)
tree53f7cd263c6b43dea4f101e664920a6f452e89a8
parent402c30333fa1618f201f89ffaf80db815ab3b7f6 (diff)
downloadpodman-006a8bd6f341358bd2917c69466fb5968de78d99.tar.gz
podman-006a8bd6f341358bd2917c69466fb5968de78d99.tar.bz2
podman-006a8bd6f341358bd2917c69466fb5968de78d99.zip
Convert tmpfs mounts to use generate
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #19 Approved by: baude
-rw-r--r--cmd/kpod/spec.go17
1 files changed, 14 insertions, 3 deletions
diff --git a/cmd/kpod/spec.go b/cmd/kpod/spec.go
index abb1cba5b..611a3cc56 100644
--- a/cmd/kpod/spec.go
+++ b/cmd/kpod/spec.go
@@ -6,6 +6,7 @@ import (
"strings"
"github.com/docker/docker/daemon/caps"
+ "github.com/docker/docker/pkg/mount"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
"github.com/pkg/errors"
@@ -110,6 +111,19 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
g.SetLinuxResourcesPidsLimit(config.resources.pidsLimit)
}
+ for _, i := range config.tmpfs {
+ options := []string{"rw", "noexec", "nosuid", "nodev", "size=65536k"}
+ spliti := strings.SplitN(i, ":", 2)
+ if len(spliti) > 1 {
+ if _, _, err := mount.ParseTmpfsOptions(spliti[1]); err != nil {
+ return nil, err
+ }
+ options = strings.Split(spliti[1], ",")
+ }
+ // Default options if nothing passed
+ g.AddTmpfsMount(spliti[0], options)
+ }
+
configSpec := g.Spec()
if config.seccompProfilePath != "" && config.seccompProfilePath != "unconfined" {
@@ -129,9 +143,6 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
// BIND MOUNTS
configSpec.Mounts = append(configSpec.Mounts, config.GetVolumeMounts()...)
- // TMPFS MOUNTS
- configSpec.Mounts = append(configSpec.Mounts, config.GetTmpfsMounts()...)
-
// HANDLE CAPABILITIES
if err := setupCapabilities(config, configSpec); err != nil {
return nil, err