diff options
| author | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-01-18 17:12:23 +0100 |
|---|---|---|
| committer | Matthew Heon <matthew.heon@pm.me> | 2019-02-08 15:02:28 -0500 |
| commit | 2ba7b991b2bae4148eef977136c57f9da828f9bf (patch) | |
| tree | 079d66c7dd95efd884df6c2939f2d0c4b970ab58 /pkg | |
| parent | 2265038a55f81d559b135e5b8384959b1cd4cbfd (diff) | |
| download | podman-2ba7b991b2bae4148eef977136c57f9da828f9bf.tar.gz podman-2ba7b991b2bae4148eef977136c57f9da828f9bf.tar.bz2 podman-2ba7b991b2bae4148eef977136c57f9da828f9bf.zip | |
rootless: fix --pid=host without --privileged
When using --pid=host don't try to cover /proc paths, as they are
coming from the /proc bind mounted from the host.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/spec/spec.go | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index 9ef0223f2..46105af4a 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -376,6 +376,10 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint } func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator) { + if config.PidMode.IsHost() && rootless.IsRootless() { + return + } + if !config.Privileged { for _, mp := range []string{ "/proc/acpi", |