diff options
author | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-01-18 17:12:23 +0100 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-01-18 17:12:28 +0100 |
commit | 8156f8c69473f8a7f970ca4f1b4a5f01a99d368a (patch) | |
tree | 80d656d4d77330e58604377480f6cc00ccb2217f /pkg | |
parent | a2ab36d0d115718b5d08ccca9ff567de1d3db20a (diff) | |
download | podman-8156f8c69473f8a7f970ca4f1b4a5f01a99d368a.tar.gz podman-8156f8c69473f8a7f970ca4f1b4a5f01a99d368a.tar.bz2 podman-8156f8c69473f8a7f970ca4f1b4a5f01a99d368a.zip |
rootless: fix --pid=host without --privileged
When using --pid=host don't try to cover /proc paths, as they are
coming from the /proc bind mounted from the host.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/spec/spec.go | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index 9ef0223f2..46105af4a 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -376,6 +376,10 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint } func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator) { + if config.PidMode.IsHost() && rootless.IsRootless() { + return + } + if !config.Privileged { for _, mp := range []string{ "/proc/acpi", |