authorGiuseppe Scrivano <gscrivan@redhat.com>2019-03-21 12:18:42 +0100
committerGiuseppe Scrivano <gscrivan@redhat.com>2019-03-29 14:04:44 +0100
commit849548ffb8e958e901317eceffdcc2d918cafd8d (patch)
treedf4ed8253470a4598d4c2a5561b60305f5401c8a /libpod/container.go
parentf7e72bc86aff2ff986290f190309deceb7f22099 (diff)
userns: do not use an intermediate mount namespace
We have an issue in the current implementation where the cleanup process is not able to umount the storage as it is running in a separate namespace. Simplify the implementation for user namespaces by not using an intermediate mount namespace. To do this, we need to relax the permissions on the parent directories and allow browsing them. Containers that are running without a user namespace will still maintain mode 0700 on their directory. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'libpod/container.go')
-rw-r--r--libpod/container.go12
1 files changed, 1 insertions, 11 deletions
diff --git a/libpod/container.go b/libpod/container.go
index 6d80a9bf4..739406e42 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -146,18 +146,12 @@ type ContainerState struct {
ConfigPath string `json:"configPath,omitempty"`
// RunDir is a per-boot directory for container content
RunDir string `json:"runDir,omitempty"`
- // DestinationRunDir is where the files in RunDir will be accessible for the container.
- // It is different than RunDir when using userNS
- DestinationRunDir string `json:"destinationRunDir,omitempty"`
// Mounted indicates whether the container's storage has been mounted
// for use
Mounted bool `json:"mounted,omitempty"`
// Mountpoint contains the path to the container's mounted storage as given
- // by containers/storage. It can be different than RealMountpoint when
- // usernamespaces are used
+ // by containers/storage.
Mountpoint string `json:"mountPoint,omitempty"`
- // RealMountpoint contains the path to the container's mounted storage
- RealMountpoint string `json:"realMountPoint,omitempty"`
// StartedTime is the time the container was started
StartedTime time.Time `json:"startedTime,omitempty"`
// FinishedTime is the time the container finished executing
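Review bot: Removing `DestinationRunDir` and `RealMountpoint` here (and `UserNSRoot` in the next hunk) drops their JSON keys from the persisted `ContainerState`, so state saved by an earlier version for a user-namespace container will decode with those values silently discarded, since encoding/json ignores unknown keys by default. If `Mountpoint` in such saved state held the path inside the old intermediate namespace rather than the containers/storage path, which the removed comment suggests but the hunk does not show, cleanup of pre-existing containers could act on a stale path, so it is worth confirming that state is refreshed or migrated on upgrade. Because the description says parent directories become browsable for user-namespace containers, the comments on `RunDir` and `Mountpoint` could record that, e.g. `// When a user namespace is used, the parent directories of this path are made browsable (not mode 0700).` The struct begins and ends outside the hunk.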
@@ -186,10 +180,6 @@ type ContainerState struct {
// the path of the file on disk outside the container
BindMounts map[string]string `json:"bindMounts,omitempty"`
- // UserNSRoot is the directory used as root for the container when using
- // user namespaces.
- UserNSRoot string `json:"userNSRoot,omitempty"`
-
// ExtensionStageHooks holds hooks which will be executed by libpod
// and not delegated to the OCI runtime.
ExtensionStageHooks map[string][]spec.Hook `json:"extensionStageHooks,omitempty"`