From 57afb7514d5c123779601cae77d016bf6de8a5f1 Mon Sep 17 00:00:00 2001
From: umohnani8
Date: Thu, 19 Apr 2018 10:25:01 -0400
Subject: Add FIPS mode secret
If the host is in FIPS mode and /etc/system-fips exists /run/secrets/system-fips is created in the container so that the container can run in FIPS mode as well.
Signed-off-by: umohnani8
---
 libpod/container_internal.go | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)
(limited to 'libpod')
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 32f8d2aec..62960fa0f 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -754,8 +754,7 @@ func (c *Container) makeBindMounts() error {
 }
 // Add Secret Mounts
- secretMounts := c.getSecretMounts(secrets.OverrideMountsFile)
- secretMounts = append(secretMounts, c.getSecretMounts(secrets.DefaultMountsFile)...)
+ secretMounts := secrets.SecretMounts(c.config.MountLabel, c.state.RunDir)
 for _, mount := range secretMounts {
 if _, ok := c.state.BindMounts[mount.Destination]; !ok {
 c.state.BindMounts[mount.Destination] = mount.Source
@@ -765,15 +764,6 @@ func (c *Container) makeBindMounts() error {
 return nil
 }
-// addSecrets mounts the secrets from the override and/or default mounts file
-func (c *Container) getSecretMounts(mountFile string) (secretMounts []spec.Mount) {
- secretMounts, err := secrets.SecretMounts(mountFile, c.config.MountLabel, c.state.RunDir)
- if err != nil {
- logrus.Warn("error mounting secrets, skipping...")
- }
- return secretMounts
-}
-
 // writeStringToRundir copies the provided file to the runtimedir
 func (c *Container) writeStringToRundir(destFile, output string) (string, error) {
 destFileName := filepath.Join(c.state.RunDir, destFile)
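Review bot: The new call `secretMounts := secrets.SecretMounts(c.config.MountLabel, c.state.RunDir)` in makeBindMounts returns no error to check, so a failure to build the secret mounts, including the FIPS one this commit describes, is invisible at this call site, where the removed wrapper at least logged a warning. On a FIPS host the container could then start without /run/secrets/system-fips and nothing here would record it; the secrets package presumably logs internally, but that is not visible in this diff. The loop that follows also silently drops a secret mount whenever `c.state.BindMounts` already holds that destination. I would state the contract above the call, e.g. `// SecretMounts logs and skips on error; a missing secret (incl. system-fips) does not fail container setup` if that is the actual behavior, or keep an error return so callers can fail closed on FIPS hosts. makeBindMounts begins and ends outside the hunk.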
@@ -932,6 +922,8 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 }
 if !MountExists(g.Mounts(), dstPath) {
 g.AddMount(newMount)
+ } else {
+ logrus.Warnf("User mount overriding libpod mount at %q", dstPath)
 }
 }
-- 
cgit v1.2.3-54-g00ecf
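Review bot: The warning added in the new `else` branch names only the destination path, so a log reader cannot tell which container had a libpod-managed mount replaced by a user mount. If the secret mounts from makeBindMounts reach this loop (likely, but not visible in the hunk), the overridden path can be a security-relevant one such as /run/secrets/system-fips, and the override should be attributable: `logrus.Warnf("User mount overriding libpod mount at %q in container %s", dstPath, c.ID())`. A short comment on the branch saying that user mounts deliberately take precedence over libpod's would also help the next reader. generateSpec and the enclosing loop start and end outside the hunk.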