-rw-r--r--cmd/kpod/spec.go17
1 files changed, 14 insertions, 3 deletions
diff --git a/cmd/kpod/spec.go b/cmd/kpod/spec.go
index abb1cba5b..611a3cc56 100644
--- a/cmd/kpod/spec.go
+++ b/cmd/kpod/spec.go
@@ -6,6 +6,7 @@ import (
"strings"
"github.com/docker/docker/daemon/caps"
+ "github.com/docker/docker/pkg/mount"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
"github.com/pkg/errors"
@@ -110,6 +111,19 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
g.SetLinuxResourcesPidsLimit(config.resources.pidsLimit)
}
+ for _, i := range config.tmpfs {
+ options := []string{"rw", "noexec", "nosuid", "nodev", "size=65536k"}
+ spliti := strings.SplitN(i, ":", 2)
+ if len(spliti) > 1 {
+ if _, _, err := mount.ParseTmpfsOptions(spliti[1]); err != nil {
+ return nil, err
+ }
+ options = strings.Split(spliti[1], ",")
+ }
+ // Default options if nothing passed
+ g.AddTmpfsMount(spliti[0], options)
+ }
+
configSpec := g.Spec()
if config.seccompProfilePath != "" && config.seccompProfilePath != "unconfined" {
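Review bot: In the tmpfs loop, a user-supplied option string replaces the default list outright (`options = strings.Split(spliti[1], ",")`), so a spec such as `/tmp:rw` produces a mount without `noexec`, `nosuid`, `nodev` or the `size=65536k` cap. Consider keeping the hardening defaults as a base and layering the caller's options on top, e.g. `options = append(options, strings.Split(spliti[1], ",")...)`, followed by de-duplication so that an explicit `exec` or `size=` still overrides its default. The comment `// Default options if nothing passed` belongs on the line that declares `options`, not above `g.AddTmpfsMount`. The hunk also shows no check that `spliti[0]` is non-empty and absolute before it is used as the destination; that may be validated elsewhere, since createConfigToOCISpec starts and ends outside this hunk.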
@@ -129,9 +143,6 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
// BIND MOUNTS
configSpec.Mounts = append(configSpec.Mounts, config.GetVolumeMounts()...)
- // TMPFS MOUNTS
- configSpec.Mounts = append(configSpec.Mounts, config.GetTmpfsMounts()...)
-
// HANDLE CAPABILITIES
if err := setupCapabilities(config, configSpec); err != nil {
return nil, err