From 96812dc490dbd00b0ec6280353a4e78ba79b44b8 Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Fri, 23 Aug 2019 19:05:16 -0400 Subject: Fix addition of mount options when using RO tmpfs For read-only containers set to create tmpfs filesystems over /run and other common destinations, we were incorrectly setting mount options, resulting in duplicate mount options. Signed-off-by: Matthew Heon --- pkg/spec/storage.go | 6 ++++-- pkg/util/mountOpts.go | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) (limited to 'pkg') diff --git a/pkg/spec/storage.go b/pkg/spec/storage.go index 7ed21a055..bc0eaad6d 100644 --- a/pkg/spec/storage.go +++ b/pkg/spec/storage.go @@ -163,14 +163,16 @@ func (config *CreateConfig) parseVolumes(runtime *libpod.Runtime) ([]spec.Mount, // If requested, add tmpfs filesystems for read-only containers. if config.ReadOnlyRootfs && config.ReadOnlyTmpfs { readonlyTmpfs := []string{"/tmp", "/var/tmp", "/run"} - options := []string{"rw", "rprivate", "exec", "nosuid", "nodev", "tmpcopyup"} + options := []string{"rw", "rprivate", "nosuid", "nodev", "tmpcopyup"} for _, dest := range readonlyTmpfs { if _, ok := baseMounts[dest]; ok { continue } localOpts := options if dest == "/run" { - localOpts = append(localOpts, "dev", "suid", "noexec", "size=65536k") + localOpts = append(localOpts, "noexec", "size=65536k") + } else { + localOpts = append(localOpts, "exec") } baseMounts[dest] = spec.Mount{ Destination: dest, diff --git a/pkg/util/mountOpts.go b/pkg/util/mountOpts.go index 9e387ce95..670daeaf9 100644 --- a/pkg/util/mountOpts.go +++ b/pkg/util/mountOpts.go @@ -10,7 +10,7 @@ var ( // ErrBadMntOption indicates that an invalid mount option was passed. ErrBadMntOption = errors.Errorf("invalid mount option") // ErrDupeMntOption indicates that a duplicate mount option was passed. - ErrDupeMntOption = errors.Errorf("duplicate option passed") + ErrDupeMntOption = errors.Errorf("duplicate mount option passed") ) // DefaultMountOptions sets default mount options for ProcessOptions. -- cgit v1.2.3-54-g00ecf