author | Matthew Heon <matthew.heon@gmail.com> | 2018-08-31 16:27:01 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-08-31 16:27:01 -0400 |
commit | 2491f3d6b2de5e6e5af2178bae2a260a3106b8a4 (patch) | |
tree | 04bc6d9e5ab9b19e7728a90ff4d48b0e4efe515f /pkg/spec/spec.go | |
parent | a917f8fa2a0d9130d84bfda0c40bfe1af68d505c (diff) | |
parent | 27ca091c08674b1a34058c9639d60455023ffa30 (diff) | |
Merge pull request #1318 from rhatdan/systemd
Add proper support for systemd inside of podman
Diffstat (limited to 'pkg/spec/spec.go')
-rw-r--r-- | pkg/spec/spec.go | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 26b93f5fe..11bc880cb 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -4,6 +4,7 @@ import (
 "os"
 "strings"
+ "github.com/containers/libpod/libpod"
 "github.com/containers/libpod/pkg/rootless"
 "github.com/docker/docker/daemon/caps"
 "github.com/docker/docker/pkg/mount"
@@ -221,6 +222,12 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
 }
 }
+ if config.Systemd && (strings.HasSuffix(config.Command[0], "init") ||
+ strings.HasSuffix(config.Command[0], "systemd")) {
+ if err := setupSystemd(config, &g); err != nil {
+ return nil, errors.Wrap(err, "failed to setup systemd")
+ }
+ }
 for _, i := range config.Tmpfs {
 // Default options if nothing passed
 options := []string{"rw", "private", "noexec", "nosuid", "nodev", "size=65536k"}
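Review bot: The added condition in CreateConfigToOCISpec indexes `config.Command[0]` without a length check, so an empty `Command` slice would panic here unless code outside this hunk already rejects it; a `len(config.Command) > 0 &&` guard makes that explicit. The `strings.HasSuffix(..., "init")` test is also broad: it matches any command path that merely ends in `init` (for example a `dumb-init` wrapper), and such a container would get the systemd tmpfs mounts over `/run` and `/tmp` without the user asking for them. Comparing `filepath.Base(config.Command[0])` against the exact names `init` and `systemd` would narrow this to the intended binaries. The function begins and ends outside the hunk, so whether `Command` is validated earlier cannot be confirmed from here.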
@@ -353,6 +360,42 @@ func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator)
 }
 }
+// systemd expects to have /run, /run/lock and /tmp on tmpfs
+// It also expects to be able to write to /sys/fs/cgroup/systemd and /var/log/journal
+
+func setupSystemd(config *CreateConfig, g *generate.Generator) error {
+ mounts, err := config.GetVolumeMounts([]spec.Mount{})
+ if err != nil {
+ return err
+ }
+ options := []string{"rw", "private", "noexec", "nosuid", "nodev"}
+ for _, dest := range []string{"/run", "/run/lock", "/sys/fs/cgroup/systemd"} {
+ if libpod.MountExists(mounts, dest) {
+ continue
+ }
+ tmpfsMnt := spec.Mount{
+ Destination: dest,
+ Type: "tmpfs",
+ Source: "tmpfs",
+ Options: append(options, "tmpcopyup", "size=65536k"),
+ }
+ g.AddMount(tmpfsMnt)
+ }
+ for _, dest := range []string{"/tmp", "/var/log/journal"} {
+ if libpod.MountExists(mounts, dest) {
+ continue
+ }
+ tmpfsMnt := spec.Mount{
+ Destination: dest,
+ Type: "tmpfs",
+ Source: "tmpfs",
+ Options: append(options, "tmpcopyup"),
+ }
+ g.AddMount(tmpfsMnt)
+ }
+ return nil
+}
+
 func addPidNS(config *CreateConfig, g *generate.Generator) error {
 pidMode := config.PidMode
 if IsNS(string(pidMode)) { |
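Review bot: The second loop in setupSystemd mounts `/tmp` and `/var/log/journal` as tmpfs with no `size=` option, unlike the first loop's `size=65536k`, so they fall back to the kernel default of half of RAM and are bounded only by whatever memory limit the container has. If that is deliberate, a comment such as `// no size cap: journal and /tmp may legitimately grow; rely on the container memory limit` should say so; otherwise an explicit size belongs in the options. Both loops call `append(options, ...)` on the shared `options` slice, which is safe only because the literal has no spare capacity, so building each mount's option slice from a fresh copy would remove that trap. The two-line comment is separated from the function by a blank line and therefore does not attach as its doc comment. It also reads as if `/sys/fs/cgroup/systemd` were a writable cgroup hierarchy, whereas the code mounts a plain tmpfs there.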