From 006a8bd6f341358bd2917c69466fb5968de78d99 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Sun, 5 Nov 2017 22:01:54 +0000
Subject: Convert tmpfs mounts to use generate
Signed-off-by: Daniel J Walsh
Closes: #19
Approved by: baude
---
 cmd/kpod/spec.go | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
(limited to 'cmd')
diff --git a/cmd/kpod/spec.go b/cmd/kpod/spec.go
index abb1cba5b..611a3cc56 100644
--- a/cmd/kpod/spec.go
+++ b/cmd/kpod/spec.go
@@ -6,6 +6,7 @@ import (
 "strings"
 "github.com/docker/docker/daemon/caps"
+ "github.com/docker/docker/pkg/mount"
 spec "github.com/opencontainers/runtime-spec/specs-go"
 "github.com/opencontainers/runtime-tools/generate"
 "github.com/pkg/errors"
@@ -110,6 +111,19 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
 g.SetLinuxResourcesPidsLimit(config.resources.pidsLimit)
 }
+ for _, i := range config.tmpfs {
+ options := []string{"rw", "noexec", "nosuid", "nodev", "size=65536k"}
+ spliti := strings.SplitN(i, ":", 2)
+ if len(spliti) > 1 {
+ if _, _, err := mount.ParseTmpfsOptions(spliti[1]); err != nil {
+ return nil, err
+ }
+ options = strings.Split(spliti[1], ",")
+ }
+ // Default options if nothing passed
+ g.AddTmpfsMount(spliti[0], options)
+ }
+
 configSpec := g.Spec()
 if config.seccompProfilePath != "" && config.seccompProfilePath != "unconfined" {
@@ -129,9 +143,6 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
 // BIND MOUNTS
 configSpec.Mounts = append(configSpec.Mounts, config.GetVolumeMounts()...)
- // TMPFS MOUNTS
- configSpec.Mounts = append(configSpec.Mounts, config.GetTmpfsMounts()...)
-
 // HANDLE CAPABILITIES
 if err := setupCapabilities(config, configSpec); err != nil {
 return nil, err
--
cgit v1.2.3-54-g00ecf
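Review bot: In the added tmpfs loop of the second hunk, any option string after the colon replaces the default list wholesale (`options = strings.Split(spliti[1], ",")`), so an entry such as `/run:size=1g` (constructed example) is mounted without the `noexec`, `nosuid` and `nodev` defaults. If that replacement is intended, the comment now sitting above `g.AddTmpfsMount` should move up to the `options :=` line and say so, e.g. `// Defaults apply only when no options are given; a user-supplied option string replaces them entirely, including noexec/nosuid/nodev.` The destination `spliti[0]` is also passed on unchecked, so an entry beginning with `:` yields an empty mount path; a guard such as `if spliti[0] == "" { return nil, errors.Errorf("invalid tmpfs entry %q: empty destination", i) }` before the call would reject it. The body of createConfigToOCISpec starts and ends outside this hunk.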