Merge pull request #2186 from giuseppe/rootless-fix-pid-host

rootless: fix --pid=host without --privileged
author: OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> 2019-01-18 19:29:50 +0100
committer: GitHub <noreply@github.com> 2019-01-18 19:29:50 +0100
commit: 37002ad549fc6bd5dd7cb126433d3a9580451a70 (patch)
tree: 46e76565383169cc3c60c5da0ad04beae4e326b0 /pkg/spec/spec.go
parent: 27de1c19e9387949e4b600fca6d6d6434818abe7 (diff)
parent: 8156f8c69473f8a7f970ca4f1b4a5f01a99d368a (diff)
download: podman-37002ad549fc6bd5dd7cb126433d3a9580451a70.tar.gz
podman-37002ad549fc6bd5dd7cb126433d3a9580451a70.tar.bz2
podman-37002ad549fc6bd5dd7cb126433d3a9580451a70.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 9ef0223f2..46105af4a 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -376,6 +376,10 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
 }
 
 func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator) {
+	if config.PidMode.IsHost() && rootless.IsRootless() {
+		return
+	}
+
 	if !config.Privileged {
 		for _, mp := range []string{
 			"/proc/acpi",
author	OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>	2019-01-18 19:29:50 +0100
committer	GitHub <noreply@github.com>	2019-01-18 19:29:50 +0100
commit	37002ad549fc6bd5dd7cb126433d3a9580451a70 (patch)
tree	46e76565383169cc3c60c5da0ad04beae4e326b0 /pkg/spec/spec.go
parent	27de1c19e9387949e4b600fca6d6d6434818abe7 (diff)
parent	8156f8c69473f8a7f970ca4f1b4a5f01a99d368a (diff)
download	podman-37002ad549fc6bd5dd7cb126433d3a9580451a70.tar.gz podman-37002ad549fc6bd5dd7cb126433d3a9580451a70.tar.bz2 podman-37002ad549fc6bd5dd7cb126433d3a9580451a70.zip