author | Valentin Rothberg <vrothberg@redhat.com> | 2022-05-18 11:34:13 +0200 |
---|---|---|
committer | Valentin Rothberg <vrothberg@redhat.com> | 2022-05-23 13:59:05 +0200 |
commit | 633d5f1f8b8844d6e2fb3e2593768360c889ed76 (patch) | |
tree | d4af0146efdb6a9444414aa7e36d650cafa864d4 /pkg | |
parent | 769e777656e62172ccdd1b98989627d6dae57a96 (diff) | |
fix --init with /dev bind mount
The init binary until now has been bind-mounted to /dev/init which
breaks when bind-mounting to /dev. Instead mount the init to
/run/podman-init. The reasoning for using /run is that it is already
used for other runtime data such as secrets.
Fixes: #14251
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/specgen/generate/oci.go | 2 | ||||
-rw-r--r-- | pkg/specgen/generate/storage.go | 6 |
2 files changed, 3 insertions, 5 deletions
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index 081df0441..dda2de6e4 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -128,7 +128,7 @@ func makeCommand(s *specgen.SpecGenerator, imageData *libimage.ImageData, rtc *c
 if initPath == "" {
 return nil, errors.Errorf("no path to init binary found but container requested an init")
 }
- finalCommand = append([]string{"/dev/init", "--"}, finalCommand...)
+ finalCommand = append([]string{define.ContainerInitPath, "--"}, finalCommand...)
 }
 return finalCommand, nil
diff --git a/pkg/specgen/generate/storage.go b/pkg/specgen/generate/storage.go
index f30fc4671..0a4d03780 100644
--- a/pkg/specgen/generate/storage.go
+++ b/pkg/specgen/generate/storage.go
@@ -20,9 +20,7 @@ import (
 "github.com/sirupsen/logrus"
 )
-var (
- errDuplicateDest = errors.Errorf("duplicate mount destination")
-)
+var errDuplicateDest = errors.Errorf("duplicate mount destination")
 // Produce final mounts and named volumes for a container
 func finalizeMounts(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, rtc *config.Config, img *libimage.Image) ([]spec.Mount, []*specgen.NamedVolume, []*specgen.OverlayVolume, error) {
@@ -359,7 +357,7 @@ func getVolumesFrom(volumesFrom []string, runtime *libpod.Runtime) (map[string]s
 // This does *NOT* modify the container command - that must be done elsewhere.
 func addContainerInitBinary(s *specgen.SpecGenerator, path string) (spec.Mount, error) {
 mount := spec.Mount{
- Destination: "/dev/init",
+ Destination: define.ContainerInitPath,
 Type: define.TypeBind,
 Source: path,
 Options: []string{define.TypeBind, "ro"}, |
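Review bot: Nothing visible in the `addContainerInitBinary` hunk of storage.go guards the new `Destination: define.ContainerInitPath` against a user-supplied volume or tmpfs that targets the same path, or that is mounted over its parent directory afterwards. The commit message notes that /run is shared with other runtime data, so if the caller (outside the hunk) does not already detect this, it should return a clear error in the style of the file's `errDuplicateDest` rather than let one mount silently shadow the other. A shadowed init would leave the argv[0] that the `makeCommand` hunk in oci.go prepends pointing at something other than the intended binary. I would also record the coupling next to the field, e.g. `// Must match the argv[0] that makeCommand prepends for --init.`, and check that the part of the doc comment above the hunk no longer names /dev/init. Both function bodies extend beyond their hunks, so an existing check may simply be out of view.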