author | umohnani8 <umohnani@redhat.com> | 2018-03-23 16:38:55 -0400 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-03-29 14:15:27 +0000 |
commit | 8a96b4acbc97d5c34ff0160ab1a1b585fdd5d156 (patch) | |
tree | 822c9d92ee38b8a85f7f41cc85edc6c388be00f2 /libpod/container_internal.go | |
parent | d0c983563129c804d2c974b05cc7d3604957f51a (diff) | |
Add secrets patch to podman
Adds support for mounting secrets, especially on RHEL, where the container
can use the host subscription to run yum
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #544
Approved by: rhatdan
Diffstat (limited to 'libpod/container_internal.go')
-rw-r--r-- | libpod/container_internal.go | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index a338a1776..4bfdfae9d 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -22,6 +22,7 @@ import (
 "github.com/pkg/errors"
 crioAnnotations "github.com/projectatomic/libpod/pkg/annotations"
 "github.com/projectatomic/libpod/pkg/chrootuser"
+ "github.com/projectatomic/libpod/pkg/secrets"
 "github.com/projectatomic/libpod/pkg/util"
 "github.com/sirupsen/logrus"
 "github.com/ulule/deepcopier"
@@ -681,9 +682,27 @@ func (c *Container) makeBindMounts() error {
 c.state.BindMounts["/run/.containerenv"] = containerenvPath
 }
 
+ // Add Secret Mounts
+ secretMounts := c.getSecretMounts(secrets.OverrideMountsFile)
+ secretMounts = append(secretMounts, c.getSecretMounts(secrets.DefaultMountsFile)...)
+ for _, mount := range secretMounts {
+ if _, ok := c.state.BindMounts[mount.Destination]; !ok {
+ c.state.BindMounts[mount.Destination] = mount.Source
+ }
+ }
+
 return nil
 }
 
+// addSecrets mounts the secrets from the override and/or default mounts file
+func (c *Container) getSecretMounts(mountFile string) (secretMounts []spec.Mount) {
+ secretMounts, err := secrets.SecretMounts(mountFile, c.config.MountLabel, c.state.RunDir)
+ if err != nil {
+ logrus.Warn("error mounting secrets, skipping...")
+ }
+ return secretMounts
+}
+
 // writeStringToRundir copies the provided file to the runtimedir
 func (c *Container) writeStringToRundir(destFile, output string) (string, error) {
 destFileName := filepath.Join(c.state.RunDir, destFile) |
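Review bot: The `err` returned by `secrets.SecretMounts` in `getSecretMounts` is discarded, so the warning says neither which mounts file failed nor why. Because these mounts decide whether host credentials reach the container, that detail belongs in the log: `logrus.Warnf("error mounting secrets from %q, skipping: %v", mountFile, err)`. The doc comment above the function names `addSecrets` although the function is `getSecretMounts`; it should read `// getSecretMounts returns the secret mounts listed in the given mounts file`. In `makeBindMounts`, which starts outside this hunk, the new loop adds the secret mounts with no opt-out visible here, so it is worth confirming that exposing host secrets to every container, including ones running untrusted images, is intended.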