aboutsummaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2020-10-29 13:31:55 -0400
committerDaniel J Walsh <dwalsh@redhat.com>2020-11-02 07:19:12 -0500
commit3ee44d942ed9ed8f0b5e0ad1f1949d4b8ffa95f9 (patch)
tree9f2043578fda18fc042a71bfc100e184b314fa19 /pkg
parent2aaa036f560e2c42ebb033869eeef539dbc47fef (diff)
downloadpodman-3ee44d942ed9ed8f0b5e0ad1f1949d4b8ffa95f9.tar.gz
podman-3ee44d942ed9ed8f0b5e0ad1f1949d4b8ffa95f9.tar.bz2
podman-3ee44d942ed9ed8f0b5e0ad1f1949d4b8ffa95f9.zip
Add better support for unbindable volume mounts
Allow users to specify unbindable on volume command line Switch internal mounts to rprivate to help prevent leaks. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'pkg')
-rw-r--r--pkg/spec/storage.go2
-rw-r--r--pkg/util/mountOpts.go2
2 files changed, 2 insertions, 2 deletions
diff --git a/pkg/spec/storage.go b/pkg/spec/storage.go
index ebf5ec196..b441daf08 100644
--- a/pkg/spec/storage.go
+++ b/pkg/spec/storage.go
@@ -445,7 +445,7 @@ func getBindMount(args []string) (spec.Mount, error) {
}
setExec = true
newMount.Options = append(newMount.Options, kv[0])
- case "shared", "rshared", "private", "rprivate", "slave", "rslave", "Z", "z":
+ case "shared", "rshared", "private", "rprivate", "slave", "rslave", "unbindable", "runbindable", "Z", "z":
newMount.Options = append(newMount.Options, kv[0])
case "bind-propagation":
if len(kv) == 1 {
diff --git a/pkg/util/mountOpts.go b/pkg/util/mountOpts.go
index eab2657e3..580aaf4f2 100644
--- a/pkg/util/mountOpts.go
+++ b/pkg/util/mountOpts.go
@@ -57,7 +57,7 @@ func ProcessOptions(options []string, isTmpfs bool, sourcePath string) ([]string
return nil, errors.Wrapf(ErrDupeMntOption, "only one of 'rw' and 'ro' can be used")
}
foundWrite = true
- case "private", "rprivate", "slave", "rslave", "shared", "rshared":
+ case "private", "rprivate", "slave", "rslave", "shared", "rshared", "unbindable", "runbindable":
if foundProp {
return nil, errors.Wrapf(ErrDupeMntOption, "only one root propagation mode can be used")
}