summaryrefslogtreecommitdiff
path: root/pkg/spec
diff options
context:
space:
mode:
authorMatthew Heon <matthew.heon@pm.me>2019-08-23 19:05:16 -0400
committerMatthew Heon <matthew.heon@pm.me>2019-08-28 14:28:18 -0400
commit96812dc490dbd00b0ec6280353a4e78ba79b44b8 (patch)
tree9205756a59c278a7d1e6dcd5409549e8a8b62978 /pkg/spec
parent820e242e821efda218031b75fce01625a20baa54 (diff)
downloadpodman-96812dc490dbd00b0ec6280353a4e78ba79b44b8.tar.gz
podman-96812dc490dbd00b0ec6280353a4e78ba79b44b8.tar.bz2
podman-96812dc490dbd00b0ec6280353a4e78ba79b44b8.zip
Fix addition of mount options when using RO tmpfs
For read-only containers set to create tmpfs filesystems over /run and other common destinations, we were incorrectly setting mount options, resulting in duplicate mount options. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Diffstat (limited to 'pkg/spec')
-rw-r--r--pkg/spec/storage.go6
1 files changed, 4 insertions, 2 deletions
diff --git a/pkg/spec/storage.go b/pkg/spec/storage.go
index 7ed21a055..bc0eaad6d 100644
--- a/pkg/spec/storage.go
+++ b/pkg/spec/storage.go
@@ -163,14 +163,16 @@ func (config *CreateConfig) parseVolumes(runtime *libpod.Runtime) ([]spec.Mount,
// If requested, add tmpfs filesystems for read-only containers.
if config.ReadOnlyRootfs && config.ReadOnlyTmpfs {
readonlyTmpfs := []string{"/tmp", "/var/tmp", "/run"}
- options := []string{"rw", "rprivate", "exec", "nosuid", "nodev", "tmpcopyup"}
+ options := []string{"rw", "rprivate", "nosuid", "nodev", "tmpcopyup"}
for _, dest := range readonlyTmpfs {
if _, ok := baseMounts[dest]; ok {
continue
}
localOpts := options
if dest == "/run" {
- localOpts = append(localOpts, "dev", "suid", "noexec", "size=65536k")
+ localOpts = append(localOpts, "noexec", "size=65536k")
+ } else {
+ localOpts = append(localOpts, "exec")
}
baseMounts[dest] = spec.Mount{
Destination: dest,