From 4e5e9dbec2313b07a4c10ddfd5bc7d23e3fa34f6 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Wed, 6 Nov 2019 21:36:18 +0100 Subject: mount: add new options nocopyup|copyup for tmpfs add a way to disable tmpcopyup for tmpfs. Signed-off-by: Giuseppe Scrivano --- pkg/spec/storage.go | 8 +++++++- pkg/util/mountOpts.go | 31 ++++++++++++++++++++++--------- 2 files changed, 29 insertions(+), 10 deletions(-) (limited to 'pkg') diff --git a/pkg/spec/storage.go b/pkg/spec/storage.go index 095534589..e30bdfc67 100644 --- a/pkg/spec/storage.go +++ b/pkg/spec/storage.go @@ -514,11 +514,17 @@ func getTmpfsMount(args []string) (spec.Mount, error) { Source: TypeTmpfs, } - var setDest, setRORW, setSuid, setDev, setExec bool + var setDest, setRORW, setSuid, setDev, setExec, setTmpcopyup bool for _, val := range args { kv := strings.Split(val, "=") switch kv[0] { + case "tmpcopyup", "notmpcopyup": + if setTmpcopyup { + return newMount, errors.Wrapf(optionArgError, "cannot pass 'tmpcopyup' and 'notmpcopyup' options more than once") + } + setTmpcopyup = true + newMount.Options = append(newMount.Options, kv[0]) case "ro", "rw": if setRORW { return newMount, errors.Wrapf(optionArgError, "cannot pass 'ro' and 'rw' options more than once") diff --git a/pkg/util/mountOpts.go b/pkg/util/mountOpts.go index 670daeaf9..d21800bc3 100644 --- a/pkg/util/mountOpts.go +++ b/pkg/util/mountOpts.go @@ -30,6 +30,8 @@ func ProcessOptions(options []string, isTmpfs bool, defaults *DefaultMountOption foundWrite, foundSize, foundProp, foundMode, foundExec, foundSuid, foundDev, foundCopyUp, foundBind, foundZ bool ) + var newOptions []string + for _, opt := range options { // Some options have parameters - size, mode splitOpt := strings.SplitN(opt, "=", 2) @@ -80,9 +82,19 @@ func ProcessOptions(options []string, isTmpfs bool, defaults *DefaultMountOption return nil, errors.Wrapf(ErrBadMntOption, "the 'tmpcopyup' option is only allowed with tmpfs mounts") } if foundCopyUp { - return nil, errors.Wrapf(ErrDupeMntOption, "the 'tmpcopyup' option can only be set once") + return nil, errors.Wrapf(ErrDupeMntOption, "the 'tmpcopyup' or 'notmpcopyup' option can only be set once") + } + foundCopyUp = true + case "notmpcopyup": + if !isTmpfs { + return nil, errors.Wrapf(ErrBadMntOption, "the 'notmpcopyup' option is only allowed with tmpfs mounts") + } + if foundCopyUp { + return nil, errors.Wrapf(ErrDupeMntOption, "the 'tmpcopyup' or 'notmpcopyup' option can only be set once") } foundCopyUp = true + // do not propagate notmpcopyup to the OCI runtime + continue case "bind", "rbind": if isTmpfs { return nil, errors.Wrapf(ErrBadMntOption, "the 'bind' and 'rbind' options are not allowed with tmpfs mounts") @@ -101,29 +113,30 @@ func ProcessOptions(options []string, isTmpfs bool, defaults *DefaultMountOption default: return nil, errors.Wrapf(ErrBadMntOption, "unknown mount option %q", opt) } + newOptions = append(newOptions, opt) } if !foundWrite { - options = append(options, "rw") + newOptions = append(newOptions, "rw") } if !foundProp { - options = append(options, "rprivate") + newOptions = append(newOptions, "rprivate") } if !foundExec && (defaults == nil || defaults.Noexec) { - options = append(options, "noexec") + newOptions = append(newOptions, "noexec") } if !foundSuid && (defaults == nil || defaults.Nosuid) { - options = append(options, "nosuid") + newOptions = append(newOptions, "nosuid") } if !foundDev && (defaults == nil || defaults.Nodev) { - options = append(options, "nodev") + newOptions = append(newOptions, "nodev") } if isTmpfs && !foundCopyUp { - options = append(options, "tmpcopyup") + newOptions = append(newOptions, "tmpcopyup") } if !isTmpfs && !foundBind { - options = append(options, "rbind") + newOptions = append(newOptions, "rbind") } - return options, nil + return newOptions, nil } -- cgit v1.2.3-54-g00ecf