Diffstat (limited to 'pkg/spec')
-rw-r--r--pkg/spec/createconfig.go7
-rw-r--r--pkg/spec/spec.go43
2 files changed, 47 insertions, 3 deletions
diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go
index c7eaeb9f7..486281200 100644
--- a/pkg/spec/createconfig.go
+++ b/pkg/spec/createconfig.go
@@ -115,9 +115,10 @@ type CreateConfig struct {
Resources CreateResourceConfig
Rm bool //rm
ShmDir string
- StopSignal syscall.Signal // stop-signal
- StopTimeout uint // stop-timeout
- Sysctl map[string]string //sysctl
+ StopSignal syscall.Signal // stop-signal
+ StopTimeout uint // stop-timeout
+ Sysctl map[string]string //sysctl
+ Systemd bool
Tmpfs []string // tmpfs
Tty bool //tty
UsernsMode container.UsernsMode //userns
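Review bot: The new `Systemd bool` field in `CreateConfig` has no trailing comment, while its neighbours each carry one (`// stop-signal`, `//sysctl`, `// tmpfs`). The field changes the container's mount layout when set, so it deserves a short description, for example `Systemd bool // add the tmpfs mounts systemd expects when the command is init/systemd`. The struct starts and ends outside this hunk, so any convention used by fields not shown here should be checked too.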
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 26b93f5fe..11bc880cb 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -4,6 +4,7 @@ import (
"os"
"strings"
+ "github.com/containers/libpod/libpod"
"github.com/containers/libpod/pkg/rootless"
"github.com/docker/docker/daemon/caps"
"github.com/docker/docker/pkg/mount"
@@ -221,6 +222,12 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
}
}
+ if config.Systemd && (strings.HasSuffix(config.Command[0], "init") ||
+ strings.HasSuffix(config.Command[0], "systemd")) {
+ if err := setupSystemd(config, &g); err != nil {
+ return nil, errors.Wrap(err, "failed to setup systemd")
+ }
+ }
for _, i := range config.Tmpfs {
// Default options if nothing passed
options := []string{"rw", "private", "noexec", "nosuid", "nodev", "size=65536k"}
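Review bot: The added condition reads `config.Command[0]` without checking that `config.Command` is non-empty, so an empty command with `Systemd` set would panic with an index-out-of-range instead of returning an error. Unless an earlier part of `CreateConfigToOCISpec` (not visible in this hunk) guarantees at least one element, guard it: `if config.Systemd && len(config.Command) > 0 && (...)`. The `strings.HasSuffix` test is also loose: any command whose path ends in `init` or `systemd` triggers the extra mounts. Comparing `filepath.Base(config.Command[0])` against the exact names would keep the behaviour to the intended binaries.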
@@ -353,6 +360,42 @@ func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator)
}
}
+// systemd expects to have /run, /run/lock and /tmp on tmpfs
+// It also expects to be able to write to /sys/fs/cgroup/systemd and /var/log/journal
+
+func setupSystemd(config *CreateConfig, g *generate.Generator) error {
+ mounts, err := config.GetVolumeMounts([]spec.Mount{})
+ if err != nil {
+ return err
+ }
+ options := []string{"rw", "private", "noexec", "nosuid", "nodev"}
+ for _, dest := range []string{"/run", "/run/lock", "/sys/fs/cgroup/systemd"} {
+ if libpod.MountExists(mounts, dest) {
+ continue
+ }
+ tmpfsMnt := spec.Mount{
+ Destination: dest,
+ Type: "tmpfs",
+ Source: "tmpfs",
+ Options: append(options, "tmpcopyup", "size=65536k"),
+ }
+ g.AddMount(tmpfsMnt)
+ }
+ for _, dest := range []string{"/tmp", "/var/log/journal"} {
+ if libpod.MountExists(mounts, dest) {
+ continue
+ }
+ tmpfsMnt := spec.Mount{
+ Destination: dest,
+ Type: "tmpfs",
+ Source: "tmpfs",
+ Options: append(options, "tmpcopyup"),
+ }
+ g.AddMount(tmpfsMnt)
+ }
+ return nil
+}
+
func addPidNS(config *CreateConfig, g *generate.Generator) error {
pidMode := config.PidMode
if IsNS(string(pidMode)) {
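Review bot: The second loop in `setupSystemd` mounts `/tmp` and `/var/log/journal` as tmpfs with no `size=` option, whereas the first loop and the default Tmpfs options earlier in spec.go both cap at `size=65536k`. A tmpfs without a size defaults to half of physical RAM, so without a container memory limit these two mounts can grow until the host is under memory pressure. If the larger limit is intentional, state that in a comment above the loop; otherwise add an explicit cap to the `append(options, "tmpcopyup")` call. Separately, the blank line between the `// systemd expects ...` comment and `func setupSystemd` detaches the comment from the function; removing it and starting the comment with `// setupSystemd ...` makes it a proper doc comment.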