Merge pull request #2138 from giuseppe/rootless-pod-fix

rootless: fix usage of create --pod=new:FOO
author: OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> 2019-01-11 15:42:21 -0800
committer: GitHub <noreply@github.com> 2019-01-11 15:42:21 -0800
commit: 5c86efb28976938ad77fcc0f677e0842d06b65b5 (patch)
tree: 16cd8fcf81e9bc355b7b50648713ca09f5fa1bd2 /libpod
parent: 28c35cab8750f379a418e87ed6bd874a12ec158d (diff)
parent: 04a4ba9b7302b807b7a5d9a180d3fcd27560052a (diff)
download: podman-5c86efb28976938ad77fcc0f677e0842d06b65b5.tar.gz
podman-5c86efb28976938ad77fcc0f677e0842d06b65b5.tar.bz2
podman-5c86efb28976938ad77fcc0f677e0842d06b65b5.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 4f490bb88..bcdfdaee3 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -226,7 +226,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 			Options:     []string{"bind", "private"},
 		}
 		if c.IsReadOnly() && dstPath != "/dev/shm" {
-			newMount.Options = append(newMount.Options, "ro")
+			newMount.Options = append(newMount.Options, "ro", "nosuid", "noexec", "nodev")
 		}
 		if !MountExists(g.Mounts(), dstPath) {
 			g.AddMount(newMount)
author	OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>	2019-01-11 15:42:21 -0800
committer	GitHub <noreply@github.com>	2019-01-11 15:42:21 -0800
commit	5c86efb28976938ad77fcc0f677e0842d06b65b5 (patch)
tree	16cd8fcf81e9bc355b7b50648713ca09f5fa1bd2 /libpod
parent	28c35cab8750f379a418e87ed6bd874a12ec158d (diff)
parent	04a4ba9b7302b807b7a5d9a180d3fcd27560052a (diff)
download	podman-5c86efb28976938ad77fcc0f677e0842d06b65b5.tar.gz podman-5c86efb28976938ad77fcc0f677e0842d06b65b5.tar.bz2 podman-5c86efb28976938ad77fcc0f677e0842d06b65b5.zip