Add Linux Root Propagation to kpod create and run

Add [r]shared, [r]private, [r]slave functionality to the --volume flag
for kpod create and kpod run
This sets the root propagation for each bind mount

Signed-off-by: umohnani8 <umohnani@redhat.com>

Closes: #87
Approved by: rhatdan
This commit is contained in:
umohnani8
2017-11-27 13:17:42 -05:00
committed by Atomic Bot
parent c5c7341d4b
commit 34696c55e9
3 changed files with 30 additions and 19 deletions


@ -300,6 +300,16 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
return nil, errors.Wrapf(err, "error getting volume mounts") return nil, errors.Wrapf(err, "error getting volume mounts")
} }
configSpec.Mounts = append(configSpec.Mounts, mounts...) configSpec.Mounts = append(configSpec.Mounts, mounts...)
for _, mount := range configSpec.Mounts {
for _, opt := range mount.Options {
switch opt {
case "private", "rprivate", "slave", "rslave", "shared", "rshared":
if err := g.SetLinuxRootPropagation(opt); err != nil {
return nil, errors.Wrapf(err, "error setting root propagation for %q", mount.Destination)
}
}
}
}
// HANDLE CAPABILITIES // HANDLE CAPABILITIES
if err := setupCapabilities(config, configSpec); err != nil { if err := setupCapabilities(config, configSpec); err != nil {
@ -442,24 +452,25 @@ func (c *createConfig) GetVolumeMounts() ([]spec.Mount, error) {
options = strings.Split(spliti[2], ",") options = strings.Split(spliti[2], ",")
} }
options = append(options, "rbind") options = append(options, "rbind")
// var foundrw, foundro, var foundrw, foundro, foundz, foundZ bool
var foundz, foundZ bool var rootProp string
for _, opt := range options { for _, opt := range options {
switch opt { switch opt {
// case "rw": case "rw":
// foundrw = true foundrw = true
// case "ro": case "ro":
// foundro = true foundro = true
case "z": case "z":
foundz = true foundz = true
case "Z": case "Z":
foundZ = true foundZ = true
case "private", "rprivate", "slave", "rslave", "shared", "rshared":
rootProp = opt
} }
} }
// if !foundro && !foundrw { if !foundrw && !foundro {
// // rw option is default options = append(options, "rw")
// options = append(options, "rw") }
// }
if foundz { if foundz {
if err := label.Relabel(spliti[0], c.mountLabel, true); err != nil { if err := label.Relabel(spliti[0], c.mountLabel, true); err != nil {
return nil, errors.Wrapf(err, "relabel failed %q", spliti[0]) return nil, errors.Wrapf(err, "relabel failed %q", spliti[0])
@ -470,6 +481,9 @@ func (c *createConfig) GetVolumeMounts() ([]spec.Mount, error) {
return nil, errors.Wrapf(err, "relabel failed %q", spliti[0]) return nil, errors.Wrapf(err, "relabel failed %q", spliti[0])
} }
} }
if rootProp == "" {
options = append(options, "rprivate")
}
m = append(m, spec.Mount{ m = append(m, spec.Mount{
Destination: spliti[1], Destination: spliti[1],


@ -13,7 +13,7 @@ func TestCreateConfig_GetVolumeMounts(t *testing.T) {
Destination: "/foobar", Destination: "/foobar",
Type: "bind", Type: "bind",
Source: "foobar", Source: "foobar",
Options: []string{"ro", "rbind"}, Options: []string{"ro", "rbind", "rprivate"},
} }
config := createConfig{ config := createConfig{
volumes: []string{"foobar:/foobar:ro"}, volumes: []string{"foobar:/foobar:ro"},
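Review bot: Only the default path is exercised here; the expected Options gain `"rprivate"`, but no case passes an explicit propagation flag, so the `rootProp != ""` branch that suppresses the default is untested. A second config with `volumes: []string{"foobar:/foobar:shared"}` expecting `Options: []string{"shared", "rbind", "rw"}` would pin it (that order follows the append sequence visible in GetVolumeMounts; confirm against the full function). TestCreateConfig_GetVolumeMounts begins and ends outside the hunk.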


@ -125,16 +125,13 @@ IMAGE="docker.io/library/fedora:latest"
} }
@test "kpod run with volume flag" { @test "kpod run with volume flag" {
run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} run -v ${MOUNT_PATH}:/run/test ${FEDORA_MINIMAL} cat /proc/self/mountinfo | grep '${MOUNT_PATH} /run/test rw,relatime'" run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} run -v ${MOUNT_PATH}:/run/test ${BB} cat /proc/self/mountinfo | grep '${MOUNT_PATH} /run/test rw,relatime'"
echo $output echo $output
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} run -v ${MOUNT_PATH}:/run/test:ro ${FEDORA_MINIMAL} cat /proc/self/mountinfo | grep '${MOUNT_PATH} /run/test ro,relatime'" run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} run -v ${MOUNT_PATH}:/run/test:ro ${BB} cat /proc/self/mountinfo | grep '${MOUNT_PATH} /run/test ro,relatime'"
echo $output
[ "$status" -eq 0 ]
run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} run -v ${MOUNT_PATH}:/run/test:shared ${BB} cat /proc/self/mountinfo | grep '${MOUNT_PATH} /run/test rw,relatime shared:'"
echo $output echo $output
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
#run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} run -v ${MOUNT_PATH}:/run/test:shared ${FEDORA_MINIMAL} cat /proc/self/mountinfo | grep '${MOUNT_PATH} /run/test rw,relatime shared:'"
#echo $output
#[ "$status" -eq 0 ]
#run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} run -v ${MOUNT_PATH}:/run/test:rslave ${FEDORA_MINIMAL} cat /proc/self/mountinfo | grep '${MOUNT_PATH} /run/test rw,relatime master:'"
#echo $output
#[ "$status" -eq 0 ]
} }
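Review bot: The commented-out rslave case is deleted rather than enabled, so `shared` is the only propagation value with end-to-end coverage and the `[r]slave`/`[r]private` paths the commit message advertises stay unverified. If the old pattern still applies, re-adding `run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} run -v ${MOUNT_PATH}:/run/test:rslave ${BB} cat /proc/self/mountinfo | grep '${MOUNT_PATH} /run/test rw,relatime master:'"` with the same echo/status lines would restore it. Both the `shared:` and `master:` tokens in mountinfo presumably require the host side of ${MOUNT_PATH} to sit in a shared peer group, so a comment above the test stating that assumption (e.g. `# assumes the host root is mounted shared; see /proc/self/mountinfo`) would explain failures on hosts with private mounts.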