diff options
author | Matthew Heon <matthew.heon@gmail.com> | 2018-07-20 12:29:04 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-07-20 12:29:04 -0400 |
commit | d433e5612409f9e2207b11b017b1101631a7971b (patch) | |
tree | 7e198c5a0b9f07a1dc8537b5f172aee54563832a /pkg/secrets/secrets.go | |
parent | ba1871dac033783ab0329c9b3c9113a34a90992f (diff) | |
parent | d4f14be3a7aa7b5b884906d764db3214e51b3e67 (diff) | |
download | podman-d433e5612409f9e2207b11b017b1101631a7971b.tar.gz podman-d433e5612409f9e2207b11b017b1101631a7971b.tar.bz2 podman-d433e5612409f9e2207b11b017b1101631a7971b.zip |
Merge pull request #1099 from giuseppe/per-user-conf-files
rootless: allow to override configuration files
Diffstat (limited to 'pkg/secrets/secrets.go')
-rw-r--r-- | pkg/secrets/secrets.go | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/pkg/secrets/secrets.go b/pkg/secrets/secrets.go index ba0f3b925..bc63ece00 100644 --- a/pkg/secrets/secrets.go +++ b/pkg/secrets/secrets.go @@ -10,6 +10,7 @@ import ( rspec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" + "github.com/projectatomic/libpod/pkg/rootless" "github.com/sirupsen/logrus" ) @@ -20,6 +21,9 @@ var ( // OverrideMountsFile holds the default mount paths in the form // "host_path:container_path" overridden by the user OverrideMountsFile = "/etc/containers/mounts.conf" + // UserOverrideMountsFile holds the default mount paths in the form + // "host_path:container_path" overridden by the rootless user + UserOverrideMountsFile = filepath.Join(os.Getenv("HOME"), ".config/containers/mounts.conf") ) // secretData stores the name of the file and the content read from it @@ -143,15 +147,21 @@ func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPre // Note for testing purposes only if mountFile == "" { mountFiles = append(mountFiles, []string{OverrideMountsFile, DefaultMountsFile}...) + if rootless.IsRootless() { + mountFiles = append([]string{UserOverrideMountsFile}, mountFiles...) + } } else { mountFiles = append(mountFiles, mountFile) } for _, file := range mountFiles { - mounts, err := addSecretsFromMountsFile(file, mountLabel, containerWorkingDir, mountPrefix, uid, gid) - if err != nil { - logrus.Warnf("error mounting secrets, skipping: %v", err) + if _, err := os.Stat(file); err == nil { + mounts, err := addSecretsFromMountsFile(file, mountLabel, containerWorkingDir, mountPrefix, uid, gid) + if err != nil { + logrus.Warnf("error mounting secrets, skipping: %v", err) + } + secretMounts = mounts + break } - secretMounts = append(secretMounts, mounts...) } // Add FIPS mode secret if /etc/system-fips exists on the host |