From df99522c6794cbf9ea77c4c314dadf9e9b5b2a54 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Mon, 24 Dec 2018 06:55:24 -0500
Subject: Fixes to handle /dev/shm correctly. We had two problems with /dev/shm, first, you mount the container read/only then /dev/shm was mounted read/only. This is a bug a tmpfs directory should be read/write within a read-only container. The second problem is we were ignoring users mounted /dev/shm from the host. If user specified podman run -d -v /dev/shm:/dev/shm ... We were dropping this mount and still using the internal mount.
Signed-off-by: Daniel J Walsh
---
 libpod/container_internal_linux.go | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
(limited to 'libpod/container_internal_linux.go')
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 93d20491e..0745b7732 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -210,9 +210,6 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 g.SetProcessSelinuxLabel(c.ProcessLabel())
 g.SetLinuxMountLabel(c.MountLabel())
- // Remove the default /dev/shm mount to ensure we overwrite it
- g.RemoveMount("/dev/shm")
-
 // Add bind mounts to container
 for dstPath, srcPath := range c.state.BindMounts {
 newMount := spec.Mount{
@@ -221,7 +218,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 Destination: dstPath,
 Options: []string{"bind", "private"},
 }
- if c.IsReadOnly() {
+ if c.IsReadOnly() && dstPath != "/dev/shm" {
 newMount.Options = append(newMount.Options, "ro")
 }
 if !MountExists(g.Mounts(), dstPath) {
--
cgit v1.2.3-54-g00ecf
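Review bot: The exemption in the second hunk, `if c.IsReadOnly() && dstPath != "/dev/shm" {`, is decided by the destination string alone, so in a read-only container whatever source is bound at /dev/shm is mounted writable with only the `bind` and `private` options. If srcPath can ever be a host path rather than the container's own shm tmpfs (the commit message mentions `-v /dev/shm:/dev/shm`, but whether that mount travels through `c.state.BindMounts` is not visible here), a read-only container would keep write access to host shared memory, which deserves an explicit decision. For this destination I would add `newMount.Options = append(newMount.Options, "nosuid", "nodev", "noexec")` unless those flags are known to be inherited from the source mount, and a comment such as `// /dev/shm is a tmpfs and must stay writable even when the rootfs is read-only`. With `g.RemoveMount("/dev/shm")` dropped in the first hunk, the `!MountExists(g.Mounts(), dstPath)` guard now decides whether this entry is applied at all, so it is worth confirming that no default /dev/shm mount remains in the generator and silently shadows it. The loop body continues past the end of the hunk.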