diff options
author | Daniel J Walsh <dwalsh@redhat.com> | 2019-04-26 10:51:59 -0400 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2019-04-26 12:29:10 -0400 |
commit | 3a4be4b66ca22d87446c37218b300b8f31a84b92 (patch) | |
tree | dcd3430bb191a145aa386679fb7f9fcf366411ac /cmd | |
parent | 135c8bef223d32f553659cbdfd5eb99f948a6c84 (diff) | |
download | podman-3a4be4b66ca22d87446c37218b300b8f31a84b92.tar.gz podman-3a4be4b66ca22d87446c37218b300b8f31a84b92.tar.bz2 podman-3a4be4b66ca22d87446c37218b300b8f31a84b92.zip |
Add --read-only-tmpfs options
The --read-only-tmpfs option caused podman to mount tmpfs on /run, /tmp, /var/tmp
if the container is running int read-only mode.
The default is true, so you would need to execute a command like
--read-only --read-only-tmpfs=false to turn off this behaviour.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'cmd')
-rw-r--r-- | cmd/podman/common.go | 4 | ||||
-rw-r--r-- | cmd/podman/shared/container.go | 3 | ||||
-rw-r--r-- | cmd/podman/shared/create.go | 1 | ||||
-rw-r--r-- | cmd/podman/shared/intermediate.go | 1 | ||||
-rw-r--r-- | cmd/podman/shared/intermediate_varlink.go | 2 | ||||
-rw-r--r-- | cmd/podman/varlink/io.podman.varlink | 1 |
6 files changed, 11 insertions, 1 deletions
diff --git a/cmd/podman/common.go b/cmd/podman/common.go index ba4a3f519..eac96d3ba 100644 --- a/cmd/podman/common.go +++ b/cmd/podman/common.go @@ -434,6 +434,10 @@ func getCreateFlags(c *cliconfig.PodmanCommand) { "read-only", false, "Make containers root filesystem read-only", ) + createFlags.Bool( + "read-only-tmpfs", true, + "When running containers in read-only mode mount a read-write tmpfs on /run, /tmp and /var/tmp", + ) createFlags.String( "restart", "", "Restart is not supported. Please use a systemd unit file for restart", diff --git a/cmd/podman/shared/container.go b/cmd/podman/shared/container.go index e14276bdf..9050fd2b9 100644 --- a/cmd/podman/shared/container.go +++ b/cmd/podman/shared/container.go @@ -658,7 +658,8 @@ func GetCtrInspectInfo(config *libpod.ContainerConfig, ctrInspectData *inspect.C OomKillDisable: memDisableOOMKiller, PidsLimit: pidsLimit, Privileged: config.Privileged, - ReadonlyRootfs: spec.Root.Readonly, + ReadOnlyRootfs: spec.Root.Readonly, + ReadOnlyTmpfs: createArtifact.ReadOnlyTmpfs, Runtime: config.OCIRuntime, NetworkMode: string(createArtifact.NetMode), IpcMode: string(createArtifact.IpcMode), diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go index 3f54e193f..c521f9cb6 100644 --- a/cmd/podman/shared/create.go +++ b/cmd/podman/shared/create.go @@ -650,6 +650,7 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod. PortBindings: portBindings, Quiet: c.Bool("quiet"), ReadOnlyRootfs: c.Bool("read-only"), + ReadOnlyTmpfs: c.Bool("read-only-tmpfs"), Resources: cc.CreateResourceConfig{ BlkioWeight: blkioWeight, BlkioWeightDevice: c.StringSlice("blkio-weight-device"), diff --git a/cmd/podman/shared/intermediate.go b/cmd/podman/shared/intermediate.go index 2e1827561..9c494dec5 100644 --- a/cmd/podman/shared/intermediate.go +++ b/cmd/podman/shared/intermediate.go @@ -434,6 +434,7 @@ func NewIntermediateLayer(c *cliconfig.PodmanCommand, remote bool) GenericCLIRes m["publish-all"] = newCRBool(c, "publish-all") m["quiet"] = newCRBool(c, "quiet") m["read-only"] = newCRBool(c, "read-only") + m["read-only-tmpfs"] = newCRBool(c, "read-only-tmpfs") m["restart"] = newCRString(c, "restart") m["rm"] = newCRBool(c, "rm") m["rootfs"] = newCRBool(c, "rootfs") diff --git a/cmd/podman/shared/intermediate_varlink.go b/cmd/podman/shared/intermediate_varlink.go index d62a65955..5e21245e3 100644 --- a/cmd/podman/shared/intermediate_varlink.go +++ b/cmd/podman/shared/intermediate_varlink.go @@ -141,6 +141,7 @@ func (g GenericCLIResults) MakeVarlink() iopodman.Create { PublishAll: BoolToPtr(g.Find("publish-all")), Quiet: BoolToPtr(g.Find("quiet")), Readonly: BoolToPtr(g.Find("read-only")), + Readonlytmpfs: BoolToPtr(g.Find("read-only-tmpfs")), Restart: StringToPtr(g.Find("restart")), Rm: BoolToPtr(g.Find("rm")), Rootfs: BoolToPtr(g.Find("rootfs")), @@ -397,6 +398,7 @@ func VarlinkCreateToGeneric(opts iopodman.Create) GenericCLIResults { m["publish-all"] = boolFromVarlink(opts.PublishAll, "publish-all", false) m["quiet"] = boolFromVarlink(opts.Quiet, "quiet", false) m["read-only"] = boolFromVarlink(opts.Readonly, "read-only", false) + m["read-only-tmpfs"] = boolFromVarlink(opts.Readonlytmpfs, "read-only-tmpfs", true) m["restart"] = stringFromVarlink(opts.Restart, "restart", nil) m["rm"] = boolFromVarlink(opts.Rm, "rm", false) m["rootfs"] = boolFromVarlink(opts.Rootfs, "rootfs", false) diff --git a/cmd/podman/varlink/io.podman.varlink b/cmd/podman/varlink/io.podman.varlink index 17179d665..309f9765a 100644 --- a/cmd/podman/varlink/io.podman.varlink +++ b/cmd/podman/varlink/io.podman.varlink @@ -346,6 +346,7 @@ type Create ( publishAll: ?bool, quiet: ?bool, readonly: ?bool, + readonlytmpfs: ?bool, restart: ?string, rm: ?bool, rootfs: ?bool, |