opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-10-21 05:13:47 +08:00
Code Issues Packages Projects Releases Wiki Activity

spec: add nosuid,noexec,nodev to ro bind mount

Browse Source 
runc fails to change the ro mode of a rootless bind mount if the other
flags are not kept.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano
2019-01-11 10:34:27 +01:00
committed by Matthew Heon
parent c62efd08f7
commit 550d39c3e9
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libpod/container_internal_linux.go
View File

@ -227,7 +227,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
Options: []string{"bind", "private"},
}
if c.IsReadOnly() && dstPath != "/dev/shm" {
newMount.Options = append(newMount.Options, "ro")
newMount.Options = append(newMount.Options, "ro", "nosuid", "noexec", "nodev")
}
if !MountExists(g.Mounts(), dstPath) {
g.AddMount(newMount)