author | Ashley Cui <acui@redhat.com> | 2021-05-14 16:29:44 -0400 |
---|---|---|
committer | Ashley Cui <acui@redhat.com> | 2021-07-12 17:00:50 -0400 |
commit | 6f9d9636a23cf19a619c04d38e5efd524b846534 (patch) | |
tree | 921ab1cbfe058d9dde258141aa905ed03a24e44c /libpod/container.go | |
parent | 60d12f72b972d44ee20e95eb99c64a233069bf73 (diff) | |
Support uid,gid,mode options for secrets
Support UID, GID, Mode options for mount type secrets. Also, change
default secret permissions to 444 so all users can read secret.
Signed-off-by: Ashley Cui <acui@redhat.com>
Diffstat (limited to 'libpod/container.go')
-rw-r--r-- | libpod/container.go | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/libpod/container.go b/libpod/container.go
index e14051f80..6cc64f3fd 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -237,6 +237,18 @@ type ContainerImageVolume struct {
 ReadWrite bool `json:"rw"`
 }
 
+// ContainerSecret is a secret that is mounted in a container
+type ContainerSecret struct {
+ // Secret is the secret
+ *secrets.Secret
+ // UID is tbe UID of the secret file
+ UID uint32
+ // GID is the GID of the secret file
+ GID uint32
+ // Mode is the mode of the secret file
+ Mode uint32
+}
+
 // ContainerNetworkDescriptions describes the relationship between the CNI
 // network and the ethN where N is an integer
 type ContainerNetworkDescriptions map[string]int
@@ -1136,7 +1148,7 @@ func (c *Container) Umask() string {
 }
 
 //Secrets return the secrets in the container
-func (c *Container) Secrets() []*secrets.Secret {
+func (c *Container) Secrets() []*ContainerSecret {
 return c.config.Secrets
 }
 
|
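Review bot: The new `ContainerSecret` fields do not say what their zero values mean, and `Mode` is a bare `uint32` with nothing stating that it is limited to permission bits. If configs stored before this change are decoded into this type (the `json:"rw"` tag on the neighbouring struct suggests these types are persisted, but the loading path is outside this diff), `Mode`, `UID` and `GID` would all come back as 0, so the code that writes the secret file needs a defined fallback instead of silently producing a mode-0000 file. I would state the contract on the field, for example `// Mode is the permission bits of the secret file; 0 means unset and the default mode is applied`, and have the option parser reject values above `0777` so setuid/setgid/sticky bits cannot be requested. The `UID` comment also has a typo (`tbe`).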
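Review bot: `Secrets()` still returns `c.config.Secrets` itself, and after this change the elements carry the ownership and mode that will be applied to the secret file, so any caller can alter `UID`, `GID` or `Mode` on the container's stored config through the returned pointers. The doc comment should state that contract, for example `// Secrets returns the secrets in the container. The slice and its elements belong to the container config and must not be modified.`; returning copies would be the stricter option if callers cannot be trusted to honour that. The return type of an exported method changes here, so callers outside `libpod/container.go` (not visible in this limited diff) must be updated in the same commit.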