From 02264d597faa034c14393ab6c98591e85a2642ee Mon Sep 17 00:00:00 2001
From: Matthew Heon
Date: Thu, 22 Aug 2019 11:21:20 -0400
Subject: Add support for 'exec', 'suid', 'dev' mount flags
Previously, we explicitly set noexec/nosuid/nodev on every mount, with no ability to disable them. The 'mount' command on Linux will accept their inverses without complaint, though - 'noexec' is counteracted by 'exec', 'nosuid' by 'suid', etc. Add support for passing these options at the command line to disable our explicit forcing of security options. This also cleans up mount option handling significantly. We are still parsing options in more than one place, which isn't good, but option parsing for bind and tmpfs mounts has been unified.
Fixes: #3819
Fixes: #3803
Signed-off-by: Matthew Heon
---
 libpod/options.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'libpod')
diff --git a/libpod/options.go b/libpod/options.go
index a7ddbec34..f4bf536b3 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -1360,10 +1360,15 @@ func WithNamedVolumes(volumes []*ContainerNamedVolume) CtrCreateOption {
 }
 destinations[vol.Dest] = true
+ mountOpts, err := util.ProcessOptions(vol.Options, false)
+ if err != nil {
+ return errors.Wrapf(err, "error processing options for named volume %q mounted at %q", vol.Name, vol.Dest)
+ }
+
 ctr.config.NamedVolumes = append(ctr.config.NamedVolumes, &ContainerNamedVolume{
 Name: vol.Name,
 Dest: vol.Dest,
- Options: util.ProcessOptions(vol.Options),
+ Options: mountOpts,
 })
 }
-- 
cgit v1.2.3-54-g00ecf
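Review bot: The bare `false` passed to `util.ProcessOptions` on the added `mountOpts` line gives no hint of which mode it selects. Nothing at this call site records that, per the commit description, the returned options may now lack `noexec`/`nosuid`/`nodev` when the user passes their inverses; `ProcessOptions` itself is not shown in this hunk. I would add a comment above the call such as `// Validate and normalise volume options; "exec", "suid" and "dev" override the default noexec/nosuid/nodev hardening.` and label the boolean with an inline comment or a named constant. It is also worth confirming that a conflicting pair such as `exec` together with `noexec` is rejected with an error rather than resolved by argument order, since that decides which security option wins for the volume. The body of `WithNamedVolumes` starts and ends outside the hunk.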