mount: add new options nocopyup|copyup for tmpfs

add a way to disable tmpcopyup for tmpfs. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-10-17 19:24:04 +08:00 · 2019-11-06 21:36:18 +01:00
parent 581a7ec298
commit 4e5e9dbec2
5 changed files with 59 additions and 10 deletions
--- a/pkg/util/mountOpts.go
+++ b/pkg/util/mountOpts.go
@ -30,6 +30,8 @@ func ProcessOptions(options []string, isTmpfs bool, defaults *DefaultMountOption
 		foundWrite, foundSize, foundProp, foundMode, foundExec, foundSuid, foundDev, foundCopyUp, foundBind, foundZ bool
 	)

+	var newOptions []string
+
 	for _, opt := range options {
 		// Some options have parameters - size, mode
 		splitOpt := strings.SplitN(opt, "=", 2)
@ -80,9 +82,19 @@ func ProcessOptions(options []string, isTmpfs bool, defaults *DefaultMountOption
 				return nil, errors.Wrapf(ErrBadMntOption, "the 'tmpcopyup' option is only allowed with tmpfs mounts")
 			}
 			if foundCopyUp {
-				return nil, errors.Wrapf(ErrDupeMntOption, "the 'tmpcopyup' option can only be set once")
+				return nil, errors.Wrapf(ErrDupeMntOption, "the 'tmpcopyup' or 'notmpcopyup' option can only be set once")
 			}
 			foundCopyUp = true
+		case "notmpcopyup":
+			if !isTmpfs {
+				return nil, errors.Wrapf(ErrBadMntOption, "the 'notmpcopyup' option is only allowed with tmpfs mounts")
+			}
+			if foundCopyUp {
+				return nil, errors.Wrapf(ErrDupeMntOption, "the 'tmpcopyup' or 'notmpcopyup' option can only be set once")
+			}
+			foundCopyUp = true
+			// do not propagate notmpcopyup to the OCI runtime
+			continue
 		case "bind", "rbind":
 			if isTmpfs {
 				return nil, errors.Wrapf(ErrBadMntOption, "the 'bind' and 'rbind' options are not allowed with tmpfs mounts")
@ -101,29 +113,30 @@ func ProcessOptions(options []string, isTmpfs bool, defaults *DefaultMountOption
 		default:
 			return nil, errors.Wrapf(ErrBadMntOption, "unknown mount option %q", opt)
 		}
+		newOptions = append(newOptions, opt)
 	}

 	if !foundWrite {
-		options = append(options, "rw")
+		newOptions = append(newOptions, "rw")
 	}
 	if !foundProp {
-		options = append(options, "rprivate")
+		newOptions = append(newOptions, "rprivate")
 	}
 	if !foundExec && (defaults == nil || defaults.Noexec) {
-		options = append(options, "noexec")
+		newOptions = append(newOptions, "noexec")
 	}
 	if !foundSuid && (defaults == nil || defaults.Nosuid) {
-		options = append(options, "nosuid")
+		newOptions = append(newOptions, "nosuid")
 	}
 	if !foundDev && (defaults == nil || defaults.Nodev) {
-		options = append(options, "nodev")
+		newOptions = append(newOptions, "nodev")
 	}
 	if isTmpfs && !foundCopyUp {
-		options = append(options, "tmpcopyup")
+		newOptions = append(newOptions, "tmpcopyup")
 	}
 	if !isTmpfs && !foundBind {
-		options = append(options, "rbind")
+		newOptions = append(newOptions, "rbind")
 	}

-	return options, nil
+	return newOptions, nil
 }