author | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-03-21 12:18:42 +0100 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-03-29 14:04:44 +0100 |
commit | 849548ffb8e958e901317eceffdcc2d918cafd8d (patch) | |
tree | df4ed8253470a4598d4c2a5561b60305f5401c8a /libpod/runtime_ctr.go | |
parent | f7e72bc86aff2ff986290f190309deceb7f22099 (diff) | |
userns: do not use an intermediate mount namespace
We have an issue in the current implementation where the cleanup
process is not able to umount the storage as it is running in a
separate namespace.
Simplify the implementation for user namespaces by not using an
intermediate mount namespace. To do that, we need to relax the
permissions on the parent directories and allow browsing
them. Containers that are running without a user namespace will still
maintain mode 0700 on their directory.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'libpod/runtime_ctr.go')
-rw-r--r-- | libpod/runtime_ctr.go | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 17340f56d..506aee477 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -201,11 +201,7 @@ func (r *Runtime) newContainer(ctx context.Context, rSpec *spec.Spec, options ..
 }
 if !MountExists(ctr.config.Spec.Mounts, "/dev/shm") && ctr.config.ShmDir == "" {
- if ctr.state.UserNSRoot == "" {
- ctr.config.ShmDir = filepath.Join(ctr.bundlePath(), "shm")
- } else {
- ctr.config.ShmDir = filepath.Join(ctr.state.UserNSRoot, "shm")
- }
+ ctr.config.ShmDir = filepath.Join(ctr.bundlePath(), "shm")
 if err := os.MkdirAll(ctr.config.ShmDir, 0700); err != nil {
 if !os.IsExist(err) {
 return nil, errors.Wrapf(err, "unable to create shm %q dir", ctr.config.ShmDir) |
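Review bot: The `!os.IsExist(err)` exemption after `os.MkdirAll(ctr.config.ShmDir, 0700)` hides a real failure: MkdirAll already returns nil when the directory exists, so an error that satisfies `os.IsExist` means something other than a directory occupies the path, and the code carries on with that path as ShmDir. With this change the shm directory for user-namespace containers also sits under `ctr.bundlePath()`, whose parent directories the commit message says become browsable, so I would return on any error: `if err := os.MkdirAll(ctr.config.ShmDir, 0700); err != nil { return nil, errors.Wrapf(err, "unable to create shm %q dir", ctr.config.ShmDir) }`. A short comment on the new assignment, saying that the 0700 directory has to end up owned by the container's mapped root when a user namespace is in use, would also help. Whether ownership is adjusted is not visible here, because newContainer starts before the hunk and both `if` blocks are still open where it ends.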