summaryrefslogtreecommitdiff
path: root/pkg/secrets
Commit message (Collapse)AuthorAge
* secrets: fix fips-mode with user namespacesGiuseppe Scrivano2019-02-27
| | | | | | | | | | When using a user namespace, we create the mount point under `mountPrefix` so that the uid != 0 can access that directory. Change the addFIPSModeSecret code to honor that, and also ensure we are creating the directories with the right ownership. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: create empty mounts.conf if it doesn't existGiuseppe Scrivano2018-11-19
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Swap default mount propagation from private to rprivateMatthew Heon2018-09-13
| | | | | | | | | | This matches Docker behavior more closely and should resolve an issue we were seeing with /sys mounts Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1465 Approved by: rhatdan
* Fix Mount PropagationGiuseppe Scrivano2018-08-27
| | | | | | | | | Default mount propagation inside of containes should be private Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1305 Approved by: mheon
* switch projectatomic to containersDaniel J Walsh2018-08-16
| | | | | | | | | | Need to get some small changes into libpod to pull back into buildah to complete buildah transition. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1270 Approved by: mheon
* rootless: support a per-user mounts.confGiuseppe Scrivano2018-07-20
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* secrets: parse only one mounts configuration fileGiuseppe Scrivano2018-07-20
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Want to change the log level on buildah by default to warnfDaniel J Walsh2018-06-04
| | | | | | | | | | | | | | | Change the level of missing /etc/containers/mount.conf to a debug, since this is expected on most machines. Also raised the level of some warnings to errors, so they will be better seen, even if we are skipping. Fixed the wording of one error, since stating is not the correct word. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #882 Approved by: mheon
* Rename addFIPSsModeSecret to addFIPSModeSecretJhon Honce2018-05-25
| | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #833 Approved by: mheon
* Spell check strings and commentsJhon Honce2018-05-25
| | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #831 Approved by: rhatdan
* podman, userNS: configure an intermediate mount namespaceGiuseppe Scrivano2018-05-04
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #690 Approved by: mheon
* Begin wiring in USERNS Support into podmanDaniel J Walsh2018-05-04
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #690 Approved by: mheon
* Modify secrets pkgumohnani82018-04-27
| | | | | | | | | | | Made a mistake in my earlier patch. I though that if you add an empty string to an array, the length of the array would still be 0... Realised this when vendoring the secrets pkg into cri-o. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #685 Approved by: mheon
* Add --default-mounts-file hidden flagumohnani82018-04-26
| | | | | | | | | | | The hidden flag is used to override the path of the default mounts file for testing purposes. Also modified the secrets pkg to allow for this override to happen. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #678 Approved by: mheon
* Add FIPS mode secretumohnani82018-04-23
| | | | | | | | If the host is in FIPS mode and /etc/system-fips exists /run/secrets/system-fips is created in the container so that the container can run in FIPS mode as well. Signed-off-by: umohnani8 <umohnani@redhat.com>
* Fix secrets patchumohnani82018-04-13
| | | | | | | | | | | The secrets code was just tarring and copying the contents of the secrets directory on host as is. This meant it was not accounting for any symlinks inside the directory, leading up to the contents not being copied over. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #611 Approved by: mheon
* Add secrets patch to podmanumohnani82018-03-29
Adds support for mounting secrets especially on RHEL where the container can use the host subsription to run yum Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #544 Approved by: rhatdan