author | Giuseppe Scrivano <gscrivan@redhat.com> | 2018-04-24 16:41:42 +0200 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-05-04 17:15:55 +0000 |
commit | 522a7197a88ab4e3730387df33f22e445f0f8f3c (patch) | |
tree | b9ff641842314b447296d18c072eb478d9742632 /pkg/secrets/secrets.go | |
parent | 73078fabcfd2420c47e41843da71dd993f9a0a3e (diff) | |
podman, userNS: configure an intermediate mount namespace
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #690
Approved by: mheon
Diffstat (limited to 'pkg/secrets/secrets.go')
-rw-r--r-- | pkg/secrets/secrets.go | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/pkg/secrets/secrets.go b/pkg/secrets/secrets.go
index 29ccd4592..0e48c7a12 100644
--- a/pkg/secrets/secrets.go
+++ b/pkg/secrets/secrets.go
@@ -128,11 +128,11 @@ func getMountsMap(path string) (string, string, error) {
 // SecretMounts copies, adds, and mounts the secrets to the container root filesystem
 func SecretMounts(mountLabel, containerWorkingDir, mountFile string) []rspec.Mount {
- return SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, 0, 0)
+ return SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, containerWorkingDir, 0, 0)
 }
 // SecretMountsWithUIDGID specifies the uid/gid of the owner
-func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile string, uid, gid int) []rspec.Mount {
+func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPrefix string, uid, gid int) []rspec.Mount {
 var (
 secretMounts []rspec.Mount
 mountFiles []string
@@ -146,7 +146,7 @@ func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile string, u
 mountFiles = append(mountFiles, mountFile)
 }
 for _, file := range mountFiles {
- mounts, err := addSecretsFromMountsFile(file, mountLabel, containerWorkingDir, uid, gid)
+ mounts, err := addSecretsFromMountsFile(file, mountLabel, containerWorkingDir, mountPrefix, uid, gid)
 if err != nil {
 logrus.Warnf("error mounting secrets, skipping: %v", err)
 }
@@ -175,7 +175,7 @@ func rchown(chowndir string, uid, gid int) error {
 // addSecretsFromMountsFile copies the contents of host directory to container directory
 // and returns a list of mounts
-func addSecretsFromMountsFile(filePath, mountLabel, containerWorkingDir string, uid, gid int) ([]rspec.Mount, error) {
+func addSecretsFromMountsFile(filePath, mountLabel, containerWorkingDir, mountPrefix string, uid, gid int) ([]rspec.Mount, error) {
 var mounts []rspec.Mount
 defaultMountsPaths := getMounts(filePath)
 for _, path := range defaultMountsPaths {
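Review bot: The doc comment on the exported `SecretMountsWithUIDGID` still reads "specifies the uid/gid of the owner" although the signature now carries a fourth string, `mountPrefix`, and nothing in the hunk states how it differs from `containerWorkingDir`. Four consecutive string parameters mean a transposed argument compiles cleanly, and here the value decides which host directory becomes the bind-mount source for secrets. I would extend the comment with something like `// mountPrefix is the directory that is joined with each container path to form the bind-mount Source; it may differ from containerWorkingDir, where the files are copied.` (wording for the author to confirm, since the copy step is outside the hunk). The same gap applies to `addSecretsFromMountsFile` in the hunk at -175, whose comment is likewise unchanged; both function bodies continue outside their hunks.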
@@ -226,7 +226,7 @@ func addSecretsFromMountsFile(filePath, mountLabel, containerWorkingDir string,
 }
 m := rspec.Mount{
- Source: ctrDirOnHost,
+ Source: filepath.Join(mountPrefix, ctrDir),
 Destination: ctrDir,
 Type: "bind",
 Options: []string{"bind"}, |
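Review bot: `Source: filepath.Join(mountPrefix, ctrDir)` is never checked to stay under `mountPrefix`, and it is no longer tied to `ctrDirOnHost`, the path the old code mounted. Because `filepath.Join` cleans its result, an empty `mountPrefix` turns the bind source into `ctrDir` itself as a host path, and a `ctrDir` containing `..` elements resolves above the prefix. `ctrDir` appears to come from the mounts file parsed outside this hunk, so how far it is validated is not visible here. Since this value selects the host directory exposed inside the container, I would compute the source first and refuse anything that is not contained in the prefix, as sketched below (assuming `strings` and `fmt` are available in the file). The enclosing loop and function begin outside the hunk.

```go
// … unchanged: secrets copied into ctrDirOnHost …
src := filepath.Join(mountPrefix, ctrDir)
rel, err := filepath.Rel(mountPrefix, src)
if mountPrefix == "" || err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
	return nil, fmt.Errorf("secrets mount source %q is not contained in prefix %q", src, mountPrefix)
}
m := rspec.Mount{
	Source: src,
	// … unchanged: Destination, Type, Options …
```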