diff options
| author | Giuseppe Scrivano <gscrivan@redhat.com> | 2018-08-27 12:13:04 +0200 |
|---|---|---|
| committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-08-27 12:49:32 +0000 |
| commit | bee654296baee423c43e903650e4b9ad568943c1 (patch) | |
| tree | 2ecb87f931410ddf4c930175c03f8389076c69e0 | |
| parent | bbbdd45b2c901aa58a1f40eb93957908df271bf5 (diff) | |
| download | podman-bee654296baee423c43e903650e4b9ad568943c1.tar.gz podman-bee654296baee423c43e903650e4b9ad568943c1.tar.bz2 podman-bee654296baee423c43e903650e4b9ad568943c1.zip | |
rootless: fix --ipc=host
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1349
Approved by: rhatdan
| -rw-r--r-- | pkg/spec/spec.go | 10 | ||||
| -rw-r--r-- | test/e2e/rootless_test.go | 4 |
2 files changed, 14 insertions, 0 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index 8038dd6ba..ac894c00c 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -69,6 +69,16 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint } g.AddMount(devPts) } + if inUserNS && config.IpcMode.IsHost() { + g.RemoveMount("/dev/mqueue") + devMqueue := spec.Mount{ + Destination: "/dev/mqueue", + Type: "bind", + Source: "/dev/mqueue", + Options: []string{"bind", "nosuid", "noexec", "nodev"}, + } + g.AddMount(devMqueue) + } if addCgroup { cgroupMnt := spec.Mount{ diff --git a/test/e2e/rootless_test.go b/test/e2e/rootless_test.go index 0bc537507..9d11a5be9 100644 --- a/test/e2e/rootless_test.go +++ b/test/e2e/rootless_test.go @@ -163,4 +163,8 @@ var _ = Describe("Podman rootless", func() { It("podman rootless rootfs --uts host", func() { runRootless([]string{"--uts", "host"}) }) + + It("podman rootless rootfs --ipc host", func() { + runRootless([]string{"--ipc", "host"}) + }) }) |