summaryrefslogtreecommitdiff
path: root/pkg/rootless
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2021-07-27 12:17:22 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2021-07-28 11:04:36 +0200
commit67d439197ea5945333991a037abd0d0deda78bd3 (patch)
tree3616867edd7a0561f7bbcf049ca30d4e43a2f9ff /pkg/rootless
parentd7b2f03f8a5d0e3789ac185ea03989463168fb76 (diff)
downloadpodman-67d439197ea5945333991a037abd0d0deda78bd3.tar.gz
podman-67d439197ea5945333991a037abd0d0deda78bd3.tar.bz2
podman-67d439197ea5945333991a037abd0d0deda78bd3.zip
rootless: check that / is mounted as shared
if the root mount '/' is not mounted as MS_SHARED, print a warning, otherwise new mounts that are created in the host won't be propagated to the rootless mount namespace. Closes: https://github.com/containers/podman/issues/10946 [NO TESTS NEEDED] Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'pkg/rootless')
-rw-r--r--pkg/rootless/rootless_linux.go20
1 files changed, 20 insertions, 0 deletions
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index f76eab0e3..9ef56acb4 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -14,11 +14,13 @@ import (
"os/user"
"runtime"
"strconv"
+ "strings"
"sync"
"unsafe"
"github.com/containers/podman/v3/pkg/errorhandling"
"github.com/containers/storage/pkg/idtools"
+ pmount "github.com/containers/storage/pkg/mount"
"github.com/containers/storage/pkg/unshare"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
@@ -235,6 +237,24 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ boo
return false, 0, nil
}
+ if mounts, err := pmount.GetMounts(); err == nil {
+ for _, m := range mounts {
+ if m.Mountpoint == "/" {
+ isShared := false
+ for _, o := range strings.Split(m.Optional, ",") {
+ if strings.HasPrefix(o, "shared:") {
+ isShared = true
+ break
+ }
+ }
+ if !isShared {
+ logrus.Warningf("%q is not a shared mount, this could cause issues or missing mounts with rootless containers", m.Mountpoint)
+ }
+ break
+ }
+ }
+ }
+
cPausePid := C.CString(pausePid)
defer C.free(unsafe.Pointer(cPausePid))