diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-10-30 18:16:02 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-10-30 18:16:02 +0100 |
commit | 7a68db33e137e227144486506548fe703498b8dd (patch) | |
tree | dc8e2aaacf6d1c30310bf69862b128a4177ebbb8 /libpod/container_internal_linux.go | |
parent | e632f3f2588d00184a50a7328d54a31ccf973708 (diff) | |
parent | 6779c1cfc203a545d0b17d7a413b0f7daa6b1e43 (diff) | |
download | podman-7a68db33e137e227144486506548fe703498b8dd.tar.gz podman-7a68db33e137e227144486506548fe703498b8dd.tar.bz2 podman-7a68db33e137e227144486506548fe703498b8dd.zip |
Merge pull request #8127 from andylibrian/grab-systemd-mount-flags-from-the-host-7661
Improve setupSystemd, grab mount options from the host
Diffstat (limited to 'libpod/container_internal_linux.go')
-rw-r--r-- | libpod/container_internal_linux.go | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 57d5100cf..043924166 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -698,11 +698,31 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro } g.AddMount(systemdMnt) } else { + mountOptions := []string{"bind", "rprivate"} + + var statfs unix.Statfs_t + if err := unix.Statfs("/sys/fs/cgroup/systemd", &statfs); err != nil { + mountOptions = append(mountOptions, "nodev", "noexec", "nosuid") + } else { + if statfs.Flags&unix.MS_NODEV == unix.MS_NODEV { + mountOptions = append(mountOptions, "nodev") + } + if statfs.Flags&unix.MS_NOEXEC == unix.MS_NOEXEC { + mountOptions = append(mountOptions, "noexec") + } + if statfs.Flags&unix.MS_NOSUID == unix.MS_NOSUID { + mountOptions = append(mountOptions, "nosuid") + } + if statfs.Flags&unix.MS_RDONLY == unix.MS_RDONLY { + mountOptions = append(mountOptions, "ro") + } + } + systemdMnt := spec.Mount{ Destination: "/sys/fs/cgroup/systemd", Type: "bind", Source: "/sys/fs/cgroup/systemd", - Options: []string{"bind", "nodev", "noexec", "nosuid", "rprivate"}, + Options: mountOptions, } g.AddMount(systemdMnt) g.AddLinuxMaskedPaths("/sys/fs/cgroup/systemd/release_agent") |