authorGiuseppe Scrivano <gscrivan@redhat.com>2019-01-10 10:06:37 +0100
committerGiuseppe Scrivano <gscrivan@redhat.com>2019-01-10 13:02:58 +0100
commit7ba38b375fc3ce4bb34dd86ca763c0359242497b (patch)
treecc3fc9ebb67df2def3877d3034d2b0665566698c /pkg
parent64627d910b2113fa2de6b949d846af379e75e305 (diff)
createconfig: always cleanup a rootless container
the rootless container storage is always mounted in a different mount namespace, owned by the unprivileged user. Even if it is mounted, a process running in another namespace cannot reuse the already mounted storage. Make sure the storage is always cleaned up once the container terminates. This has worked with vfs since there is no real mounted storage. Closes: https://github.com/containers/libpod/issues/2112 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'pkg')
-rw-r--r--pkg/spec/createconfig.go4
1 files changed, 3 insertions, 1 deletions
diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go
index ffc98e307..87fce7e2e 100644
--- a/pkg/spec/createconfig.go
+++ b/pkg/spec/createconfig.go
@@ -518,7 +518,9 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib
if c.CgroupParent != "" {
options = append(options, libpod.WithCgroupParent(c.CgroupParent))
}
- if c.Detach {
+ // For a rootless container always cleanup the storage/network as they
+ // run in a different namespace thus not reusable when we restart.
+ if c.Detach || rootless.IsRootless() {
options = append(options, libpod.WithExitCommand(c.createExitCommand()))
}
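Review bot: With the condition widened to `if c.Detach || rootless.IsRootless()`, an attached rootless container now also registers an exit command, so its cleanup can presumably run in addition to whatever the foreground caller does when the container exits. That caller and `createExitCommand()` are not visible in this hunk, so it is worth confirming that storage and network teardown is idempotent and serialized when both paths fire. The new comment could state the intent explicitly, e.g. `// Rootless storage/network live in a namespace owned by the unprivileged user and cannot be reused after exit, so always register the exit command, even for attached containers.` `GetContainerCreateOptions` starts and ends outside the hunk.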