summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2018-06-01 13:11:54 +0200
committerAtomic Bot <atomic-devel@projectatomic.io>2018-06-15 14:53:18 +0000
commited0261176b2bd9ccd9a6cbf77727429429b8fedc (patch)
tree14d219d94e67a51827cc9d42ced2dd3b83e12d2b
parent1e8ef3c89756fbc7a9263c3c6c211c818c814c81 (diff)
downloadpodman-ed0261176b2bd9ccd9a6cbf77727429429b8fedc.tar.gz
podman-ed0261176b2bd9ccd9a6cbf77727429429b8fedc.tar.bz2
podman-ed0261176b2bd9ccd9a6cbf77727429429b8fedc.zip
spec: change mount options for /dev/pts in rootless mode
The default /dev/pts has the option gid=5 that might not be mapped in the rootless case. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #871 Approved by: mheon
-rw-r--r--pkg/spec/spec.go11
1 files changed, 11 insertions, 0 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 75ab03e53..eb0746b2c 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -1,6 +1,7 @@
package createconfig
import (
+ "os"
"strings"
"github.com/docker/docker/daemon/caps"
@@ -44,6 +45,16 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
}
g.AddMount(sysMnt)
}
+ if os.Getuid() != 0 {
+ g.RemoveMount("/dev/pts")
+ devPts := spec.Mount{
+ Destination: "/dev/pts",
+ Type: "devpts",
+ Source: "devpts",
+ Options: []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620"},
+ }
+ g.AddMount(devPts)
+ }
if addCgroup {
cgroupMnt := spec.Mount{