Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/spec/createconfig.go | 7 | ||||
-rw-r--r-- | pkg/spec/spec.go | 43 |
2 files changed, 47 insertions, 3 deletions
diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go index c7eaeb9f7..486281200 100644 --- a/pkg/spec/createconfig.go +++ b/pkg/spec/createconfig.go @@ -115,9 +115,10 @@ type CreateConfig struct { Resources CreateResourceConfig Rm bool //rm ShmDir string - StopSignal syscall.Signal // stop-signal - StopTimeout uint // stop-timeout - Sysctl map[string]string //sysctl + StopSignal syscall.Signal // stop-signal + StopTimeout uint // stop-timeout + Sysctl map[string]string //sysctl + Systemd bool Tmpfs []string // tmpfs Tty bool //tty UsernsMode container.UsernsMode //userns diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index 26b93f5fe..11bc880cb 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -4,6 +4,7 @@ import ( "os" "strings" + "github.com/containers/libpod/libpod" "github.com/containers/libpod/pkg/rootless" "github.com/docker/docker/daemon/caps" "github.com/docker/docker/pkg/mount" @@ -221,6 +222,12 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint } } + if config.Systemd && (strings.HasSuffix(config.Command[0], "init") || + strings.HasSuffix(config.Command[0], "systemd")) { + if err := setupSystemd(config, &g); err != nil { + return nil, errors.Wrap(err, "failed to setup systemd") + } + } for _, i := range config.Tmpfs { // Default options if nothing passed options := []string{"rw", "private", "noexec", "nosuid", "nodev", "size=65536k"} 
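Review bot: The new `Systemd bool` field in CreateConfig is the only field in this hunk without the trailing flag comment its neighbours carry (`// stop-signal`, `//sysctl`), so the option it maps to goes undocumented; suggest `Systemd bool // systemd`. The struct declaration starts and ends outside this hunk.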
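Review bot: `config.Command[0]` in the new condition is indexed without a length check, so a CreateConfig with `Systemd` set and an empty Command panics instead of returning an error; guard it with `if config.Systemd && len(config.Command) > 0 && (strings.HasSuffix(config.Command[0], "init") ||`. The suffix test is also broad: any binary whose name merely ends in `init` or `systemd` (a `myinit` wrapper, say) receives the systemd mount set, so if the intent is to match the usual `/sbin/init` and `/usr/lib/systemd/systemd` paths, comparing `filepath.Base(config.Command[0])` against the two names would be tighter — though the looser match may be deliberate. CreateConfigToOCISpec starts and ends outside this hunk.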
@@ -353,6 +360,42 @@ func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator) } } +// systemd expects to have /run, /run/lock and /tmp on tmpfs +// It also expects to be able to write to /sys/fs/cgroup/systemd and /var/log/journal + +func setupSystemd(config *CreateConfig, g *generate.Generator) error { + mounts, err := config.GetVolumeMounts([]spec.Mount{}) + if err != nil { + return err + } + options := []string{"rw", "private", "noexec", "nosuid", "nodev"} + for _, dest := range []string{"/run", "/run/lock", "/sys/fs/cgroup/systemd"} { + if libpod.MountExists(mounts, dest) { + continue + } + tmpfsMnt := spec.Mount{ + Destination: dest, + Type: "tmpfs", + Source: "tmpfs", + Options: append(options, "tmpcopyup", "size=65536k"), + } + g.AddMount(tmpfsMnt) + } + for _, dest := range []string{"/tmp", "/var/log/journal"} { + if libpod.MountExists(mounts, dest) { + continue + } + tmpfsMnt := spec.Mount{ + Destination: dest, + Type: "tmpfs", + Source: "tmpfs", + Options: append(options, "tmpcopyup"), + } + g.AddMount(tmpfsMnt) + } + return nil +} + func addPidNS(config *CreateConfig, g *generate.Generator) error { pidMode := config.PidMode if IsNS(string(pidMode)) { |
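Review bot: setupSystemd only consults config.GetVolumeMounts when deciding whether to skip a destination, and its call site (previous hunk) runs before the config.Tmpfs loop, so unless GetVolumeMounts already folds in the user's `--tmpfs` entries a `--tmpfs /run` request ends up with two mounts on `/run`; checking the Tmpfs list (or the mounts already on the generator) as well would close that gap. The comment above the function is separated from it by a blank line, so it is not attached as its doc comment; drop the blank line and start it with the name, e.g. `// setupSystemd adds the tmpfs mounts systemd expects at /run, /run/lock, /sys/fs/cgroup/systemd, /tmp and /var/log/journal, skipping any the user already mounted.` Only the first group gets a `size=65536k` cap while `/tmp` and `/var/log/journal` are left uncapped; if that is intended it deserves a comment, since an uncapped tmpfs journal can grow until memory limits bite.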