summaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
Diffstat (limited to 'libpod')
-rw-r--r--libpod/container_internal.go19
1 files changed, 19 insertions, 0 deletions
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index a338a1776..4bfdfae9d 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -22,6 +22,7 @@ import (
"github.com/pkg/errors"
crioAnnotations "github.com/projectatomic/libpod/pkg/annotations"
"github.com/projectatomic/libpod/pkg/chrootuser"
+ "github.com/projectatomic/libpod/pkg/secrets"
"github.com/projectatomic/libpod/pkg/util"
"github.com/sirupsen/logrus"
"github.com/ulule/deepcopier"
@@ -681,9 +682,27 @@ func (c *Container) makeBindMounts() error {
c.state.BindMounts["/run/.containerenv"] = containerenvPath
}
+ // Add Secret Mounts
+ secretMounts := c.getSecretMounts(secrets.OverrideMountsFile)
+ secretMounts = append(secretMounts, c.getSecretMounts(secrets.DefaultMountsFile)...)
+ for _, mount := range secretMounts {
+ if _, ok := c.state.BindMounts[mount.Destination]; !ok {
+ c.state.BindMounts[mount.Destination] = mount.Source
+ }
+ }
+
return nil
}
+// addSecrets mounts the secrets from the override and/or default mounts file
+func (c *Container) getSecretMounts(mountFile string) (secretMounts []spec.Mount) {
+ secretMounts, err := secrets.SecretMounts(mountFile, c.config.MountLabel, c.state.RunDir)
+ if err != nil {
+ logrus.Warn("error mounting secrets, skipping...")
+ }
+ return secretMounts
+}
+
// writeStringToRundir copies the provided file to the runtimedir
func (c *Container) writeStringToRundir(destFile, output string) (string, error) {
destFileName := filepath.Join(c.state.RunDir, destFile)