diff options
| author | umohnani8 <umohnani@redhat.com> | 2017-11-27 13:17:42 -0500 |
|---|---|---|
| committer | Atomic Bot <atomic-devel@projectatomic.io> | 2017-12-05 10:23:13 +0000 |
| commit | 34696c55e91294442325ff0d78af84945d3e955f (patch) | |
| tree | 49dba02028bfba7284af6a1e8771c5dd21c3e2e1 /cmd/kpod | |
| parent | c5c7341d4b5ce0ad1c8feb692f9fd048962c6241 (diff) | |
| download | podman-34696c55e91294442325ff0d78af84945d3e955f.tar.gz podman-34696c55e91294442325ff0d78af84945d3e955f.tar.bz2 podman-34696c55e91294442325ff0d78af84945d3e955f.zip | |
Add Linux Root Propagation to kpod create and run
Add [r]shared, [r]private, [r]slave functionality to the --volume flag
for kpod create and kpod run
This sets the root propagation for each bind mount
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #87
Approved by: rhatdan
Diffstat (limited to 'cmd/kpod')
| -rw-r--r-- | cmd/kpod/spec.go | 34 | ||||
| -rw-r--r-- | cmd/kpod/spec_test.go | 2 |
2 files changed, 25 insertions, 11 deletions
diff --git a/cmd/kpod/spec.go b/cmd/kpod/spec.go index b2a439a9b..5d6fe8879 100644 --- a/cmd/kpod/spec.go +++ b/cmd/kpod/spec.go @@ -300,6 +300,16 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) { return nil, errors.Wrapf(err, "error getting volume mounts") } configSpec.Mounts = append(configSpec.Mounts, mounts...) + for _, mount := range configSpec.Mounts { + for _, opt := range mount.Options { + switch opt { + case "private", "rprivate", "slave", "rslave", "shared", "rshared": + if err := g.SetLinuxRootPropagation(opt); err != nil { + return nil, errors.Wrapf(err, "error setting root propagation for %q", mount.Destination) + } + } + } + } // HANDLE CAPABILITIES if err := setupCapabilities(config, configSpec); err != nil { @@ -442,24 +452,25 @@ func (c *createConfig) GetVolumeMounts() ([]spec.Mount, error) { options = strings.Split(spliti[2], ",") } options = append(options, "rbind") - // var foundrw, foundro, - var foundz, foundZ bool + var foundrw, foundro, foundz, foundZ bool + var rootProp string for _, opt := range options { switch opt { - // case "rw": - // foundrw = true - // case "ro": - // foundro = true + case "rw": + foundrw = true + case "ro": + foundro = true case "z": foundz = true case "Z": foundZ = true + case "private", "rprivate", "slave", "rslave", "shared", "rshared": + rootProp = opt } } - // if !foundro && !foundrw { - // // rw option is default - // options = append(options, "rw") - // } + if !foundrw && !foundro { + options = append(options, "rw") + } if foundz { if err := label.Relabel(spliti[0], c.mountLabel, true); err != nil { return nil, errors.Wrapf(err, "relabel failed %q", spliti[0]) @@ -470,6 +481,9 @@ func (c *createConfig) GetVolumeMounts() ([]spec.Mount, error) { return nil, errors.Wrapf(err, "relabel failed %q", spliti[0]) } } + if rootProp == "" { + options = append(options, "rprivate") + } m = append(m, spec.Mount{ Destination: spliti[1], diff --git a/cmd/kpod/spec_test.go b/cmd/kpod/spec_test.go index 1eedb0e2a..799d6b235 100644 --- a/cmd/kpod/spec_test.go +++ b/cmd/kpod/spec_test.go @@ -13,7 +13,7 @@ func TestCreateConfig_GetVolumeMounts(t *testing.T) { Destination: "/foobar", Type: "bind", Source: "foobar", - Options: []string{"ro", "rbind"}, + Options: []string{"ro", "rbind", "rprivate"}, } config := createConfig{ volumes: []string{"foobar:/foobar:ro"}, |