authorGiuseppe Scrivano <gscrivan@redhat.com>2018-12-12 11:56:19 +0100
committerGiuseppe Scrivano <gscrivan@redhat.com>2018-12-12 11:57:30 +0100
commita609e026a5f58d935a25e558480ed314783062fc (patch)
treef97444d165e8acdfdf12082eab0500d267b07386 /cmd/podman
parent8a3361f46c87933aff04c9acaaf48b7c130bc9d8 (diff)
mount: allow mount only when using vfs
When using a driver other than vfs, the mount is probably in a different mount namespace and thus not accessible from the host. Avoid the confusion by not allowing mount when a different driver is used. Closes: https://github.com/containers/libpod/issues/1964 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'cmd/podman')
-rw-r--r--cmd/podman/main.go1
-rw-r--r--cmd/podman/mount.go21
2 files changed, 22 insertions, 0 deletions
diff --git a/cmd/podman/main.go b/cmd/podman/main.go
index 796b0b03a..2db6c5dec 100644
--- a/cmd/podman/main.go
+++ b/cmd/podman/main.go
@@ -34,6 +34,7 @@ var cmdsNotRequiringRootless = map[string]bool{
// If this change, please also update libpod.refreshRootless()
"login": true,
"logout": true,
+ "mount": true,
"kill": true,
"pause": true,
"restart": true,
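Review bot: The context comment above this map asks that `libpod.refreshRootless()` be updated whenever the list changes, and the diffstat shown here is limited to `cmd/podman`, so it is not visible whether the matching `"mount"` entry was added there. If it was not, the two lists disagree about which commands handle the user namespace themselves. With this entry the namespace setup for `mount` appears to move into `mountCmd`, so a short comment next to it, such as `// mount joins the user namespace itself, after checking the storage driver`, would make that dependency explicit.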
diff --git a/cmd/podman/mount.go b/cmd/podman/mount.go
index 585f506cd..c91115597 100644
--- a/cmd/podman/mount.go
+++ b/cmd/podman/mount.go
@@ -3,9 +3,11 @@ package main
import (
js "encoding/json"
"fmt"
+ "os"
of "github.com/containers/libpod/cmd/podman/formats"
"github.com/containers/libpod/cmd/podman/libpodruntime"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/urfave/cli"
@@ -52,6 +54,9 @@ func mountCmd(c *cli.Context) error {
if err := validateFlags(c, mountFlags); err != nil {
return err
}
+ if os.Geteuid() != 0 {
+ rootless.SetSkipStorageSetup(true)
+ }
runtime, err := libpodruntime.GetRuntime(c)
if err != nil {
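Review bot: The new `rootless.SetSkipStorageSetup(true)` call has no comment explaining why storage setup is skipped for a non-root caller. The later driver check in this function reads `StorageConfig.GraphDriverName` from the runtime created right after it, so it presumably depends on that field still being populated when setup is skipped. A comment such as `// Not yet in the user namespace: only the configuration is needed here, storage is set up after BecomeRootInUserNS re-executes us` would record the intent, if that is indeed the reason. `mountCmd` starts before and continues after this hunk.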
@@ -59,6 +64,22 @@ func mountCmd(c *cli.Context) error {
}
defer runtime.Shutdown(false)
+ if os.Geteuid() != 0 {
+ if driver := runtime.GetConfig().StorageConfig.GraphDriverName; driver != "vfs" {
+ // Do not allow to mount a graphdriver that is not vfs if we are creating the userns as part
+ // of the mount command.
+ return fmt.Errorf("cannot mount using driver %s in rootless mode", driver)
+ }
+
+ became, ret, err := rootless.BecomeRootInUserNS()
+ if err != nil {
+ return err
+ }
+ if became {
+ os.Exit(ret)
+ }
+ }
+
formats := map[string]bool{
"": true,
of.JSONString: true,
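Review bot: `os.Exit(ret)` in the `became` branch ends the process without running the `defer runtime.Shutdown(false)` registered a few lines above it, so the runtime opened by the unprivileged parent is never shut down on the rootless path. Shutting down explicitly before exiting keeps the cleanup: `runtime.Shutdown(false)` followed by `os.Exit(ret)` inside `if became { … }`. The bare `return err` after `rootless.BecomeRootInUserNS()` could also carry context using the already imported `errors` package, e.g. `return errors.Wrapf(err, "cannot join user namespace for mount")`. `mountCmd` begins and ends outside this hunk.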