Diffstat (limited to 'pkg/spec/storage.go')
-rw-r--r-- | pkg/spec/storage.go | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/pkg/spec/storage.go b/pkg/spec/storage.go
index 095534589..dbdab0030 100644
--- a/pkg/spec/storage.go
+++ b/pkg/spec/storage.go
@@ -136,9 +136,9 @@ func (config *CreateConfig) parseVolumes(runtime *libpod.Runtime) ([]spec.Mount,
  unifiedMounts[initMount.Destination] = initMount
  }
- // Before superceding, we need to find volume mounts which conflict with
+ // Before superseding, we need to find volume mounts which conflict with
  // named volumes, and vice versa.
- // We'll delete the conflicts here as we supercede.
+ // We'll delete the conflicts here as we supersede.
  for dest := range unifiedMounts {
  if _, ok := baseVolumes[dest]; ok {
  delete(baseVolumes, dest)
@@ -150,7 +150,7 @@ func (config *CreateConfig) parseVolumes(runtime *libpod.Runtime) ([]spec.Mount,
  }
  }
- // Supercede volumes-from/image volumes with unified volumes from above.
+ // Supersede volumes-from/image volumes with unified volumes from above.
  // This is an unconditional replacement.
  for dest, mount := range unifiedMounts {
  baseMounts[dest] = mount
@@ -160,7 +160,7 @@ func (config *CreateConfig) parseVolumes(runtime *libpod.Runtime) ([]spec.Mount,
  }
  // If requested, add tmpfs filesystems for read-only containers.
- if config.ReadOnlyRootfs && config.ReadOnlyTmpfs {
+ if config.Security.ReadOnlyRootfs && config.Security.ReadOnlyTmpfs {
  readonlyTmpfs := []string{"/tmp", "/var/tmp", "/run"}
  options := []string{"rw", "rprivate", "nosuid", "nodev", "tmpcopyup"}
  for _, dest := range readonlyTmpfs {
@@ -336,7 +336,7 @@ func (config *CreateConfig) getMounts() (map[string]spec.Mount, map[string]*libp
  // TODO(vrothberg): the manual parsing can be replaced with a regular expression
  // to allow a more robust parsing of the mount format and to give
- // precise errors regarding supported format versus suppored options.
+ // precise errors regarding supported format versus supported options.
  for _, mount := range config.MountsFlag {
  arr := strings.SplitN(mount, ",", 2)
  if len(arr) < 2 {
@@ -514,11 +514,17 @@ func getTmpfsMount(args []string) (spec.Mount, error) {
  Source: TypeTmpfs,
  }
- var setDest, setRORW, setSuid, setDev, setExec bool
+ var setDest, setRORW, setSuid, setDev, setExec, setTmpcopyup bool
  for _, val := range args {
  kv := strings.Split(val, "=")
  switch kv[0] {
+ case "tmpcopyup", "notmpcopyup":
+ if setTmpcopyup {
+ return newMount, errors.Wrapf(optionArgError, "cannot pass 'tmpcopyup' and 'notmpcopyup' options more than once")
+ }
+ setTmpcopyup = true
+ newMount.Options = append(newMount.Options, kv[0])
  case "ro", "rw":
  if setRORW {
  return newMount, errors.Wrapf(optionArgError, "cannot pass 'ro' and 'rw' options more than once")
@@ -801,7 +807,7 @@ func (config *CreateConfig) addContainerInitBinary(path string) (spec.Mount, err
  if path == "" {
  return mount, fmt.Errorf("please specify a path to the container-init binary")
  }
- if !config.PidMode.IsPrivate() {
+ if !config.Pid.PidMode.IsPrivate() {
  return mount, fmt.Errorf("cannot add init binary as PID 1 (PID namespace isn't private)")
  }
  if config.Systemd {
@@ -814,7 +820,7 @@ func (config *CreateConfig) addContainerInitBinary(path string) (spec.Mount, err
  return mount, nil
 }
-// Supercede existing mounts in the spec with new, user-specified mounts.
+// Supersede existing mounts in the spec with new, user-specified mounts.
 // TODO: Should we unmount subtree mounts? E.g., if /tmp/ is mounted by
 // one mount, and we already have /tmp/a and /tmp/b, should we remove
 // the /tmp/a and /tmp/b mounts in favor of the more general /tmp? |
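Review bot: The new `tmpcopyup`/`notmpcopyup` case in getTmpfsMount matches on `kv[0]` after `strings.Split(val, "=")` and appends only `kv[0]`, so an argument such as `tmpcopyup=anything` is accepted and its value silently dropped rather than rejected as malformed. Since these are flag-style mount options taken from user input, a guard at the top of the case would keep the validation strict: `if len(kv) > 1 { return newMount, errors.Wrapf(optionArgError, "%q does not take a value", kv[0]) }`. The duplicate-option error also passes a constant message to `errors.Wrapf` with no format arguments, which reads as if an argument was forgotten. The switch continues past the end of the hunk, so whether the existing flag cases (`ro`/`rw` and the others) are equally lenient cannot be confirmed from here.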