diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2018-11-30 11:09:51 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-11-30 11:09:51 -0800 |
| commit | b504623a1153c761604196dcd907cbdf165afa8b (patch) | |
| tree | d327f82c16ab2a6021828058fd0571fd55e97d73 /libpod | |
| parent | 36364b18a97c6dc967c2cd36f34a672b9d102f0e (diff) | |
| parent | 3beacb73bced227b211bf3b8710382b94358614b (diff) | |
| download | podman-b504623a1153c761604196dcd907cbdf165afa8b.tar.gz podman-b504623a1153c761604196dcd907cbdf165afa8b.tar.bz2 podman-b504623a1153c761604196dcd907cbdf165afa8b.zip | |
Merge pull request #1317 from rhatdan/privileged
Disable mount options when running --privileged
Diffstat (limited to 'libpod')
| -rw-r--r-- | libpod/container_internal.go | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 24ddb6655..e31a8099c 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -273,6 +273,27 @@ func (c *Container) setupStorage(ctx context.Context) error { }, LabelOpts: c.config.LabelOpts, } + if c.config.Privileged { + privOpt := func(opt string) bool { + for _, privopt := range []string{"nodev", "nosuid", "noexec"} { + if opt == privopt { + return true + } + } + return false + } + defOptions, err := storage.GetDefaultMountOptions() + if err != nil { + return errors.Wrapf(err, "error getting default mount options") + } + var newOptions []string + for _, opt := range defOptions { + if !privOpt(opt) { + newOptions = append(newOptions, opt) + } + } + options.MountOpts = newOptions + } if c.config.Rootfs == "" { options.IDMappingOptions = c.config.IDMappings |