diff options
author | Daniel J Walsh <dwalsh@redhat.com> | 2017-11-05 22:01:54 +0000 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2017-11-06 14:43:06 +0000 |
commit | 006a8bd6f341358bd2917c69466fb5968de78d99 (patch) | |
tree | 53f7cd263c6b43dea4f101e664920a6f452e89a8 /cmd | |
parent | 402c30333fa1618f201f89ffaf80db815ab3b7f6 (diff) | |
download | podman-006a8bd6f341358bd2917c69466fb5968de78d99.tar.gz podman-006a8bd6f341358bd2917c69466fb5968de78d99.tar.bz2 podman-006a8bd6f341358bd2917c69466fb5968de78d99.zip |
Convert tmpfs mounts to use generate
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #19
Approved by: baude
Diffstat (limited to 'cmd')
-rw-r--r-- | cmd/kpod/spec.go | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/cmd/kpod/spec.go b/cmd/kpod/spec.go index abb1cba5b..611a3cc56 100644 --- a/cmd/kpod/spec.go +++ b/cmd/kpod/spec.go @@ -6,6 +6,7 @@ import ( "strings" "github.com/docker/docker/daemon/caps" + "github.com/docker/docker/pkg/mount" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" "github.com/pkg/errors" @@ -110,6 +111,19 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) { g.SetLinuxResourcesPidsLimit(config.resources.pidsLimit) } + for _, i := range config.tmpfs { + options := []string{"rw", "noexec", "nosuid", "nodev", "size=65536k"} + spliti := strings.SplitN(i, ":", 2) + if len(spliti) > 1 { + if _, _, err := mount.ParseTmpfsOptions(spliti[1]); err != nil { + return nil, err + } + options = strings.Split(spliti[1], ",") + } + // Default options if nothing passed + g.AddTmpfsMount(spliti[0], options) + } + configSpec := g.Spec() if config.seccompProfilePath != "" && config.seccompProfilePath != "unconfined" { @@ -129,9 +143,6 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) { // BIND MOUNTS configSpec.Mounts = append(configSpec.Mounts, config.GetVolumeMounts()...) - // TMPFS MOUNTS - configSpec.Mounts = append(configSpec.Mounts, config.GetTmpfsMounts()...) - // HANDLE CAPABILITIES if err := setupCapabilities(config, configSpec); err != nil { return nil, err |