diff options
| author | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-01-10 10:06:37 +0100 |
|---|---|---|
| committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-01-10 13:02:58 +0100 |
| commit | 7ba38b375fc3ce4bb34dd86ca763c0359242497b (patch) | |
| tree | cc3fc9ebb67df2def3877d3034d2b0665566698c /pkg/spec/createconfig.go | |
| parent | 64627d910b2113fa2de6b949d846af379e75e305 (diff) | |
| download | podman-7ba38b375fc3ce4bb34dd86ca763c0359242497b.tar.gz podman-7ba38b375fc3ce4bb34dd86ca763c0359242497b.tar.bz2 podman-7ba38b375fc3ce4bb34dd86ca763c0359242497b.zip | |
createconfig: always cleanup a rootless container
the rootless container storage is always mounted in a different mount
namespace, owned by the unprivileged user. Even if it is mounted, a
process running in another namespace cannot reuse the already mounted
storage.
Make sure the storage is always cleaned up once the container
terminates.
This has worked with vfs since there is no real mounted storage.
Closes: https://github.com/containers/libpod/issues/2112
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'pkg/spec/createconfig.go')
| -rw-r--r-- | pkg/spec/createconfig.go | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go index ffc98e307..87fce7e2e 100644 --- a/pkg/spec/createconfig.go +++ b/pkg/spec/createconfig.go @@ -518,7 +518,9 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib if c.CgroupParent != "" { options = append(options, libpod.WithCgroupParent(c.CgroupParent)) } - if c.Detach { + // For a rootless container always cleanup the storage/network as they + // run in a different namespace thus not reusable when we restart. + if c.Detach || rootless.IsRootless() { options = append(options, libpod.WithExitCommand(c.createExitCommand())) } |