author | Ashley Cui <acui@redhat.com> | 2021-05-14 16:29:44 -0400 |
---|---|---|
committer | Ashley Cui <acui@redhat.com> | 2021-05-17 14:35:55 -0400 |
commit | cf30f160ad599cac0f3dc300f673d88f60128275 (patch) | |
tree | 140d265481fc1b2e02a0f903729253e6c631dada /libpod/container.go | |
parent | 2b0b97150a01c5a3c1706dd369a0caeb5cf6ec09 (diff) | |
Support uid,gid,mode options for secrets
Support UID, GID, and Mode options for mount-type secrets. Also change the
default secret permissions to 444 so that all users can read the secret.
Signed-off-by: Ashley Cui <acui@redhat.com>
Diffstat (limited to 'libpod/container.go')
-rw-r--r-- | libpod/container.go | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/libpod/container.go b/libpod/container.go
index c49d8feeb..fb17e2ea0 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -235,6 +235,18 @@ type ContainerImageVolume struct {
 ReadWrite bool `json:"rw"`
 }
 
+// ContainerSecret is a secret that is mounted in a container
+type ContainerSecret struct {
+ // Secret is the secret
+ *secrets.Secret
+ // UID is tbe UID of the secret file
+ UID uint32
+ // GID is the GID of the secret file
+ GID uint32
+ // Mode is the mode of the secret file
+ Mode uint32
+}
+
 // ContainerNetworkDescriptions describes the relationship between the CNI
 // network and the ethN where N is an integer
 type ContainerNetworkDescriptions map[string]int
@@ -1124,7 +1136,7 @@ func (c *Container) Umask() string {
 }
 
 //Secrets return the secrets in the container
-func (c *Container) Secrets() []*secrets.Secret {
+func (c *Container) Secrets() []*ContainerSecret {
 return c.config.Secrets
 }
 
|
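Review bot: `ContainerSecret` does not say what a zero `Mode`, `UID` or `GID` means, and the three new fields carry no JSON tags although the `ReadWrite` field just above does. If container configs are stored as JSON (not visible in this hunk), a config saved before this change would load with `Mode` 0, so the code that writes the secret file should treat that case explicitly rather than create a file nobody can read. I would document the contract on the field, e.g. `// Mode is the permission bits of the secret file; 0444 is applied when the option is not given`, adjusted to whatever the mount code really does, and fix the typo `tbe` in the UID comment. Because the commit makes 0444 the default, the struct comment should also state that every user inside the container can read the secret unless a tighter mode is requested. The embedded `*secrets.Secret` can be nil, so the comment should say whether callers may rely on it being set.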
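Review bot: `Secrets()` returns `c.config.Secrets` itself, so callers receive the config's own `*ContainerSecret` pointers and can now change the UID, GID and mode a secret is mounted with; the doc comment should say the result is read-only, or the method should return copies. The comment also does not follow Go doc style; I would write `// Secrets returns the secrets mounted in the container, with their UID, GID and mode. The returned slice must not be modified.` Changing the return type of an exported method breaks any caller outside this file that expects `[]*secrets.Secret`, which this hunk cannot show.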