summaryrefslogtreecommitdiff
path: root/libpod/container_internal.go
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2018-11-30 11:09:51 -0800
committerGitHub <noreply@github.com>2018-11-30 11:09:51 -0800
commitb504623a1153c761604196dcd907cbdf165afa8b (patch)
treed327f82c16ab2a6021828058fd0571fd55e97d73 /libpod/container_internal.go
parent36364b18a97c6dc967c2cd36f34a672b9d102f0e (diff)
parent3beacb73bced227b211bf3b8710382b94358614b (diff)
downloadpodman-b504623a1153c761604196dcd907cbdf165afa8b.tar.gz
podman-b504623a1153c761604196dcd907cbdf165afa8b.tar.bz2
podman-b504623a1153c761604196dcd907cbdf165afa8b.zip
Merge pull request #1317 from rhatdan/privileged
Disable mount options when running --privileged
Diffstat (limited to 'libpod/container_internal.go')
-rw-r--r--libpod/container_internal.go21
1 files changed, 21 insertions, 0 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 24ddb6655..e31a8099c 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -273,6 +273,27 @@ func (c *Container) setupStorage(ctx context.Context) error {
},
LabelOpts: c.config.LabelOpts,
}
+ if c.config.Privileged {
+ privOpt := func(opt string) bool {
+ for _, privopt := range []string{"nodev", "nosuid", "noexec"} {
+ if opt == privopt {
+ return true
+ }
+ }
+ return false
+ }
+ defOptions, err := storage.GetDefaultMountOptions()
+ if err != nil {
+ return errors.Wrapf(err, "error getting default mount options")
+ }
+ var newOptions []string
+ for _, opt := range defOptions {
+ if !privOpt(opt) {
+ newOptions = append(newOptions, opt)
+ }
+ }
+ options.MountOpts = newOptions
+ }
if c.config.Rootfs == "" {
options.IDMappingOptions = c.config.IDMappings