libpod: Use platform-specific mount type for volume mounts
[NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
@ -18,6 +18,7 @@ import (
|
|||||||
butil "github.com/containers/buildah/util"
|
butil "github.com/containers/buildah/util"
|
||||||
"github.com/containers/common/pkg/apparmor"
|
"github.com/containers/common/pkg/apparmor"
|
||||||
cutil "github.com/containers/common/pkg/util"
|
cutil "github.com/containers/common/pkg/util"
|
||||||
|
"github.com/containers/podman/v4/libpod/define"
|
||||||
"github.com/containers/podman/v4/pkg/annotations"
|
"github.com/containers/podman/v4/pkg/annotations"
|
||||||
"github.com/containers/podman/v4/pkg/lookup"
|
"github.com/containers/podman/v4/pkg/lookup"
|
||||||
"github.com/containers/podman/v4/pkg/rootless"
|
"github.com/containers/podman/v4/pkg/rootless"
|
||||||
@ -174,7 +175,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
|
|||||||
g.AddMount(overlayMount)
|
g.AddMount(overlayMount)
|
||||||
} else {
|
} else {
|
||||||
volMount := spec.Mount{
|
volMount := spec.Mount{
|
||||||
Type: "bind",
|
Type: define.TypeBind,
|
||||||
Source: mountPoint,
|
Source: mountPoint,
|
||||||
Destination: namedVol.Dest,
|
Destination: namedVol.Dest,
|
||||||
Options: namedVol.Options,
|
Options: namedVol.Options,
|
||||||
@ -220,10 +221,10 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
|
|||||||
// Add bind mounts to container
|
// Add bind mounts to container
|
||||||
for dstPath, srcPath := range c.state.BindMounts {
|
for dstPath, srcPath := range c.state.BindMounts {
|
||||||
newMount := spec.Mount{
|
newMount := spec.Mount{
|
||||||
Type: "bind",
|
Type: define.TypeBind,
|
||||||
Source: srcPath,
|
Source: srcPath,
|
||||||
Destination: dstPath,
|
Destination: dstPath,
|
||||||
Options: []string{"bind", "rprivate"},
|
Options: bindOptions,
|
||||||
}
|
}
|
||||||
if c.IsReadOnly() && dstPath != "/dev/shm" {
|
if c.IsReadOnly() && dstPath != "/dev/shm" {
|
||||||
newMount.Options = append(newMount.Options, "ro", "nosuid", "noexec", "nodev")
|
newMount.Options = append(newMount.Options, "ro", "nosuid", "noexec", "nodev")
|
||||||
|
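Review bot: In the bind-mount loop of generateSpec, `Options: bindOptions` gives every mount the package-level slice itself, where the old code built a fresh `[]string{"bind", "rprivate"}` on each iteration. The following `append(newMount.Options, "ro", "nosuid", "noexec", "nodev")` stays independent only while each platform's literal has no spare capacity. If that changes, the appends write into a backing array shared by all containers, which is a data race across concurrent generateSpec calls, and any in-place edit of one mount's options would silently change the defaults for every later mount. Copying per mount removes the coupling: `Options: append([]string{}, bindOptions...),`. generateSpec begins and ends outside these hunks, so later uses of newMount.Options are not visible here.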
@ -51,6 +51,10 @@ import (
|
|||||||
"golang.org/x/sys/unix"
|
"golang.org/x/sys/unix"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
bindOptions = []string{}
|
||||||
|
)
|
||||||
|
|
||||||
// Network stubs to decouple container_internal_freebsd.go from
|
// Network stubs to decouple container_internal_freebsd.go from
|
||||||
// networking_freebsd.go so they can be reviewed separately.
|
// networking_freebsd.go so they can be reviewed separately.
|
||||||
func (r *Runtime) createNetNS(ctr *Container) (netJail string, q map[string]types.StatusBlock, retErr error) {
|
func (r *Runtime) createNetNS(ctr *Container) (netJail string, q map[string]types.StatusBlock, retErr error) {
|
||||||
|
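Review bot: `bindOptions` is declared as a mutable package-level `var` with no comment, here as `[]string{}` and in the Linux counterpart (the last section on this page) as `[]string{"bind", "rprivate"}`, so a reader of either file cannot tell that the two declarations belong together or why this one is empty. A comment on each would help, for example `// bindOptions are the default options for bind mounts added by generateSpec; empty on this platform because its bind mount type takes none.`, with the wording confirmed against the FreeBSD mount semantics. The read-only branch in generateSpec still appends `ro`, `nosuid`, `noexec` and `nodev` on top of this list. Since the commit is marked as needing no new tests, it is worth confirming that the FreeBSD runtime honours those four options for `define.TypeBind` mounts.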
@ -56,6 +56,10 @@ import (
|
|||||||
"golang.org/x/sys/unix"
|
"golang.org/x/sys/unix"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
bindOptions = []string{"bind", "rprivate"}
|
||||||
|
)
|
||||||
|
|
||||||
func (c *Container) mountSHM(shmOptions string) error {
|
func (c *Container) mountSHM(shmOptions string) error {
|
||||||
if err := unix.Mount("shm", c.config.ShmDir, "tmpfs", unix.MS_NOEXEC|unix.MS_NOSUID|unix.MS_NODEV,
|
if err := unix.Mount("shm", c.config.ShmDir, "tmpfs", unix.MS_NOEXEC|unix.MS_NOSUID|unix.MS_NODEV,
|
||||||
label.FormatMountLabel(shmOptions, c.config.MountLabel)); err != nil {
|
label.FormatMountLabel(shmOptions, c.config.MountLabel)); err != nil {
|
||||||
|