aboutsummaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
authorMatthew Heon <matthew.heon@pm.me>2019-08-22 11:21:20 -0400
committerMatthew Heon <matthew.heon@pm.me>2019-08-28 14:28:18 -0400
commit02264d597faa034c14393ab6c98591e85a2642ee (patch)
tree7a2c51a405bc30a2e41eaee591d5da5ed744fa61 /libpod
parent502536fe07cf858757f1e358cfb91dc02facf546 (diff)
downloadpodman-02264d597faa034c14393ab6c98591e85a2642ee.tar.gz
podman-02264d597faa034c14393ab6c98591e85a2642ee.tar.bz2
podman-02264d597faa034c14393ab6c98591e85a2642ee.zip
Add support for 'exec', 'suid', 'dev' mount flags
Previously, we explicitly set noexec/nosuid/nodev on every mount, with no ability to disable them. The 'mount' command on Linux will accept their inverses without complaint, though - 'noexec' is counteracted by 'exec', 'nosuid' by 'suid', etc. Add support for passing these options at the command line to disable our explicit forcing of security options. This also cleans up mount option handling significantly. We are still parsing options in more than one place, which isn't good, but option parsing for bind and tmpfs mounts has been unified. Fixes: #3819 Fixes: #3803 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Diffstat (limited to 'libpod')
-rw-r--r--libpod/options.go7
1 files changed, 6 insertions, 1 deletions
diff --git a/libpod/options.go b/libpod/options.go
index a7ddbec34..f4bf536b3 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -1360,10 +1360,15 @@ func WithNamedVolumes(volumes []*ContainerNamedVolume) CtrCreateOption {
}
destinations[vol.Dest] = true
+ mountOpts, err := util.ProcessOptions(vol.Options, false)
+ if err != nil {
+ return errors.Wrapf(err, "error processing options for named volume %q mounted at %q", vol.Name, vol.Dest)
+ }
+
ctr.config.NamedVolumes = append(ctr.config.NamedVolumes, &ContainerNamedVolume{
Name: vol.Name,
Dest: vol.Dest,
- Options: util.ProcessOptions(vol.Options),
+ Options: mountOpts,
})
}