Don't mount /dev/shm if the user told you --ipc=none

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1466 Approved by: mheon
2025-06-20 00:51:16 +08:00 · 2018-09-13 17:33:07 -04:00
parent 4f42fe2e9e
commit 09f506930c
3 changed files with 11 additions and 16 deletions
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@ -528,17 +528,6 @@ func parseCreateOpts(ctx context.Context, c *cli.Context, runtime *libpod.Runtim
 		}
 	}

-	shmDir := ""
-	if ipcMode.IsHost() {
-		shmDir = "/dev/shm"
-	} else if ipcMode.IsContainer() {
-		ctr, err := runtime.LookupContainer(ipcMode.Container())
-		if err != nil {
-			return nil, errors.Wrapf(err, "container %q not found", ipcMode.Container())
-		}
-		shmDir = ctr.ShmDir()
-	}
-
 	// USER
 	user := c.String("user")
 	if user == "" {
@ -775,7 +764,6 @@ func parseCreateOpts(ctx context.Context, c *cli.Context, runtime *libpod.Runtim
 			Ulimit:    c.StringSlice("ulimit"),
 		},
 		Rm:          c.Bool("rm"),
-		ShmDir:      shmDir,
 		StopSignal:  stopSignal,
 		StopTimeout: c.Uint("stop-timeout"),
 		Sysctl:      sysctl,
--- a/pkg/spec/createconfig.go
+++ b/pkg/spec/createconfig.go
@ -112,8 +112,7 @@ type CreateConfig struct {
 	Quiet              bool     //quiet
 	ReadOnlyRootfs     bool     //read-only
 	Resources          CreateResourceConfig
-	Rm                 bool //rm
-	ShmDir             string
+	Rm                 bool              //rm
 	StopSignal         syscall.Signal    // stop-signal
 	StopTimeout        uint              // stop-timeout
 	Sysctl             map[string]string //sysctl
@ -447,7 +446,16 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib
 	options = append(options, libpod.WithConmonPidFile(c.ConmonPidFile))
 	options = append(options, libpod.WithLabels(c.Labels))
 	options = append(options, libpod.WithUser(c.User))
-	options = append(options, libpod.WithShmDir(c.ShmDir))
+	if c.IpcMode.IsHost() {
+		options = append(options, libpod.WithShmDir("/dev/shm"))
+
+	} else if c.IpcMode.IsContainer() {
+		ctr, err := runtime.LookupContainer(c.IpcMode.Container())
+		if err != nil {
+			return nil, errors.Wrapf(err, "container %q not found", c.IpcMode.Container())
+		}
+		options = append(options, libpod.WithShmDir(ctr.ShmDir()))
+	}
 	options = append(options, libpod.WithShmSize(c.Resources.ShmSize))
 	options = append(options, libpod.WithGroups(c.GroupAdd))
 	options = append(options, libpod.WithIDMappings(*c.IDMappings))
--- a/pkg/varlinkapi/containers_create.go
+++ b/pkg/varlinkapi/containers_create.go
@ -202,7 +202,6 @@ func varlinkCreateToCreateConfig(ctx context.Context, create iopodman.Create, ru
 			Ulimit:            create.Resources.Ulimit,
 		},
 		Rm:          create.Rm,
-		ShmDir:      create.Shm_dir,
 		StopSignal:  stopSignal,
 		StopTimeout: uint(create.Stop_timeout),
 		Sysctl:      create.Sys_ctl,