aboutsummaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
authorumohnani8 <umohnani@redhat.com>2018-04-19 10:25:01 -0400
committerumohnani8 <umohnani@redhat.com>2018-04-23 13:17:12 -0400
commit57afb7514d5c123779601cae77d016bf6de8a5f1 (patch)
treeb1500483b4172c0b05baaf5690c76c3d5486d5ad /libpod
parent8493dba23c73617d9529b7ca13b400d50ac6f455 (diff)
downloadpodman-57afb7514d5c123779601cae77d016bf6de8a5f1.tar.gz
podman-57afb7514d5c123779601cae77d016bf6de8a5f1.tar.bz2
podman-57afb7514d5c123779601cae77d016bf6de8a5f1.zip
Add FIPS mode secret
If the host is in FIPS mode and /etc/system-fips exists /run/secrets/system-fips is created in the container so that the container can run in FIPS mode as well. Signed-off-by: umohnani8 <umohnani@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r--libpod/container_internal.go14
1 files changed, 3 insertions, 11 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 32f8d2aec..62960fa0f 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -754,8 +754,7 @@ func (c *Container) makeBindMounts() error {
}
// Add Secret Mounts
- secretMounts := c.getSecretMounts(secrets.OverrideMountsFile)
- secretMounts = append(secretMounts, c.getSecretMounts(secrets.DefaultMountsFile)...)
+ secretMounts := secrets.SecretMounts(c.config.MountLabel, c.state.RunDir)
for _, mount := range secretMounts {
if _, ok := c.state.BindMounts[mount.Destination]; !ok {
c.state.BindMounts[mount.Destination] = mount.Source
@@ -765,15 +764,6 @@ func (c *Container) makeBindMounts() error {
return nil
}
-// addSecrets mounts the secrets from the override and/or default mounts file
-func (c *Container) getSecretMounts(mountFile string) (secretMounts []spec.Mount) {
- secretMounts, err := secrets.SecretMounts(mountFile, c.config.MountLabel, c.state.RunDir)
- if err != nil {
- logrus.Warn("error mounting secrets, skipping...")
- }
- return secretMounts
-}
-
// writeStringToRundir copies the provided file to the runtimedir
func (c *Container) writeStringToRundir(destFile, output string) (string, error) {
destFileName := filepath.Join(c.state.RunDir, destFile)
@@ -932,6 +922,8 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
}
if !MountExists(g.Mounts(), dstPath) {
g.AddMount(newMount)
+ } else {
+ logrus.Warnf("User mount overriding libpod mount at %q", dstPath)
}
}