opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-10-16 18:53:19 +08:00
Code Issues Packages Projects Releases Wiki Activity

util: use private propagation with bind

Browse Source 
when the "bind" option is used, do not use the "rprivate" propagation
as it would inhibit the effect of "bind", instead default to "private".

Closes: https://github.com/containers/podman/issues/22107

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano
2024-03-21 11:31:37 +01:00
parent 9a13b8f17d
commit 4740367330
2 changed files with 17 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
pkg/util/mount_opts.go
View File

@ -37,6 +37,8 @@ func processOptionsInternal(options []string, isTmpfs bool, sourcePath string, g
foundWrite, foundSize, foundProp, foundMode, foundExec, foundSuid, foundDev, foundCopyUp, foundBind, foundZ, foundU, foundOverlay, foundIdmap, foundCopy, foundNoSwap, foundNoDereference bool foundWrite, foundSize, foundProp, foundMode, foundExec, foundSuid, foundDev, foundCopyUp, foundBind, foundZ, foundU, foundOverlay, foundIdmap, foundCopy, foundNoSwap, foundNoDereference bool
) )
recursiveBind := true
newOptions := make([]string, 0, len(options)) newOptions := make([]string, 0, len(options))
for _, opt := range options { for _, opt := range options {
// Some options have parameters - size, mode // Some options have parameters - size, mode
@ -159,7 +161,10 @@ func processOptionsInternal(options []string, isTmpfs bool, sourcePath string, g
return nil, fmt.Errorf("the 'no-dereference' option can only be set once: %w", ErrDupeMntOption) return nil, fmt.Errorf("the 'no-dereference' option can only be set once: %w", ErrDupeMntOption)
} }
foundNoDereference = true foundNoDereference = true
case define.TypeBind, "rbind": case define.TypeBind:
recursiveBind = false
fallthrough
case "rbind":
if isTmpfs { if isTmpfs {
return nil, fmt.Errorf("the 'bind' and 'rbind' options are not allowed with tmpfs mounts: %w", ErrBadMntOption) return nil, fmt.Errorf("the 'bind' and 'rbind' options are not allowed with tmpfs mounts: %w", ErrBadMntOption)
} }
@ -190,7 +195,11 @@ func processOptionsInternal(options []string, isTmpfs bool, sourcePath string, g
newOptions = append(newOptions, "rw") newOptions = append(newOptions, "rw")
} }
if !foundProp { if !foundProp {
newOptions = append(newOptions, "rprivate") if recursiveBind {
newOptions = append(newOptions, "rprivate")
} else {
newOptions = append(newOptions, "private")
}
} }
defaults, err := getDefaultMountOptions(sourcePath) defaults, err := getDefaultMountOptions(sourcePath)
if err != nil { if err != nil {

6
pkg/util/utils_test.go
View File

@ -742,6 +742,12 @@ func TestProcessOptions(t *testing.T) {
sourcePath: "/path/to/source", sourcePath: "/path/to/source",
expected: []string{"nodev", "nosuid", "rbind", "rprivate", "rw"}, expected: []string{"nodev", "nosuid", "rbind", "rprivate", "rw"},
}, },
{
name: "default bind mount with bind",
sourcePath: "/path/to/source",
options: []string{"bind"},
expected: []string{"nodev", "nosuid", "bind", "private", "rw"},
},
} }
for _, tt := range tests { for _, tt := range tests {