From df99522c6794cbf9ea77c4c314dadf9e9b5b2a54 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Mon, 24 Dec 2018 06:55:24 -0500
Subject: Fixes to handle /dev/shm correctly.
We had two problems with /dev/shm, first, you mount the container read/only then /dev/shm was mounted read/only. This is a bug a tmpfs directory should be read/write within a read-only container. The second problem is we were ignoring users mounted /dev/shm from the host. If user specified podman run -d -v /dev/shm:/dev/shm ... We were dropping this mount and still using the internal mount.
Signed-off-by: Daniel J Walsh
---
 pkg/spec/spec.go | 2 ++
 1 file changed, 2 insertions(+) (limited to 'pkg/spec')
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index c90f16f7c..3d6603364 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -52,6 +52,8 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
 if err != nil {
 return nil, err
 }
+ // Remove the default /dev/shm mount to ensure we overwrite it
+ g.RemoveMount("/dev/shm")
 g.HostSpecific = true
 addCgroup := true
 canMountSys := true
-- 
cgit v1.2.3-54-g00ecf
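Review bot: The unconditional `g.RemoveMount("/dev/shm")` near the top of CreateConfigToOCISpec discards the generator's default tmpfs entry, and nothing in this hunk shows what replaces it or with which options. The default entry presumably carries restrictive options (in runtime-tools it is a tmpfs with `nosuid`, `noexec`, `nodev`), so whatever later adds /dev/shm should keep them, and a code path that adds nothing would leave the container without /dev/shm at all. I would expand the comment to say so, for example `// Drop the generator's default /dev/shm tmpfs so the mount added later (container shm or a user -v volume) is the only one; it must keep nosuid,nodev,noexec`. Per the commit message a user-supplied `-v /dev/shm:/dev/shm` now takes precedence over the private mount, which shares the host's shared memory with the container and deserves a sentence in the user documentation. The function body starts and ends outside the hunk, so the re-add path could not be checked here.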