diff options
author | Giuseppe Scrivano <gscrivan@redhat.com> | 2021-07-27 12:17:22 +0200 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2021-07-28 11:04:36 +0200 |
commit | 67d439197ea5945333991a037abd0d0deda78bd3 (patch) | |
tree | 3616867edd7a0561f7bbcf049ca30d4e43a2f9ff /pkg/rootless/rootless_linux.go | |
parent | d7b2f03f8a5d0e3789ac185ea03989463168fb76 (diff) | |
download | podman-67d439197ea5945333991a037abd0d0deda78bd3.tar.gz podman-67d439197ea5945333991a037abd0d0deda78bd3.tar.bz2 podman-67d439197ea5945333991a037abd0d0deda78bd3.zip |
rootless: check that / is mounted as shared
if the root mount '/' is not mounted as MS_SHARED, print a
warning, otherwise new mounts that are created in the host won't be
propagated to the rootless mount namespace.
Closes: https://github.com/containers/podman/issues/10946
[NO TESTS NEEDED]
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'pkg/rootless/rootless_linux.go')
-rw-r--r-- | pkg/rootless/rootless_linux.go | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go index f76eab0e3..9ef56acb4 100644 --- a/pkg/rootless/rootless_linux.go +++ b/pkg/rootless/rootless_linux.go @@ -14,11 +14,13 @@ import ( "os/user" "runtime" "strconv" + "strings" "sync" "unsafe" "github.com/containers/podman/v3/pkg/errorhandling" "github.com/containers/storage/pkg/idtools" + pmount "github.com/containers/storage/pkg/mount" "github.com/containers/storage/pkg/unshare" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -235,6 +237,24 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ boo return false, 0, nil } + if mounts, err := pmount.GetMounts(); err == nil { + for _, m := range mounts { + if m.Mountpoint == "/" { + isShared := false + for _, o := range strings.Split(m.Optional, ",") { + if strings.HasPrefix(o, "shared:") { + isShared = true + break + } + } + if !isShared { + logrus.Warningf("%q is not a shared mount, this could cause issues or missing mounts with rootless containers", m.Mountpoint) + } + break + } + } + } + cPausePid := C.CString(pausePid) defer C.free(unsafe.Pointer(cPausePid)) |