From 1e8ef3c89756fbc7a9263c3c6c211c818c814c81 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Fri, 1 Jun 2018 13:10:14 +0200 Subject: container: do not add shm in rootless mode Signed-off-by: Giuseppe Scrivano Closes: #871 Approved by: mheon --- libpod/container_internal.go | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/libpod/container_internal.go b/libpod/container_internal.go index b3e474836..4f5d7f0fd 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -685,26 +685,27 @@ func (c *Container) mountStorage() (err error) { return nil } - // TODO: generalize this mount code so it will mount every mount in ctr.config.Mounts - - mounted, err := mount.Mounted(c.config.ShmDir) - if err != nil { - return errors.Wrapf(err, "unable to determine if %q is mounted", c.config.ShmDir) - } - - if err := os.Chown(c.config.ShmDir, c.RootUID(), c.RootGID()); err != nil { - return err - } - - if !mounted { - shmOptions := fmt.Sprintf("mode=1777,size=%d", c.config.ShmSize) - if err := unix.Mount("shm", c.config.ShmDir, "tmpfs", unix.MS_NOEXEC|unix.MS_NOSUID|unix.MS_NODEV, - label.FormatMountLabel(shmOptions, c.config.MountLabel)); err != nil { - return errors.Wrapf(err, "failed to mount shm tmpfs %q", c.config.ShmDir) + if os.Getuid() == 0 { + // TODO: generalize this mount code so it will mount every mount in ctr.config.Mounts + mounted, err := mount.Mounted(c.config.ShmDir) + if err != nil { + return errors.Wrapf(err, "unable to determine if %q is mounted", c.config.ShmDir) } + if err := os.Chown(c.config.ShmDir, c.RootUID(), c.RootGID()); err != nil { return errors.Wrapf(err, "failed to chown %s", c.config.ShmDir) } + + if !mounted { + shmOptions := fmt.Sprintf("mode=1777,size=%d", c.config.ShmSize) + if err := unix.Mount("shm", c.config.ShmDir, "tmpfs", unix.MS_NOEXEC|unix.MS_NOSUID|unix.MS_NODEV, + label.FormatMountLabel(shmOptions, c.config.MountLabel)); err != nil { + return errors.Wrapf(err, "failed to mount shm tmpfs %q", c.config.ShmDir) + } + if err := os.Chown(c.config.ShmDir, c.RootUID(), c.RootGID()); err != nil { + return errors.Wrapf(err, "failed to chown %s", c.config.ShmDir) + } + } } mountPoint := c.config.Rootfs -- cgit v1.2.3-54-g00ecf