Set base mount options for bind mounts from base system

If I mount, say, /usr/bin into my container - I expect to be able to run the executables in that mount. Unconditionally applying noexec would be a bad idea. Before my patches to change mount options and allow exec/dev/suid being set explicitly, we inferred the mount options from where on the base system the mount originated, and the options it had there. Implement the same functionality for the new option handling. There's a lot of performance left on the table here, but I don't know that this is ever going to take enough time to make it worth optimizing. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2025-08-06 03:19:52 +08:00 · 2019-08-23 13:24:06 -04:00
parent d45595d9cc
commit 5bdd97f77f
4 changed files with 67 additions and 28 deletions
--- a/libpod/options.go
+++ b/libpod/options.go
@ -1360,7 +1360,7 @@ func WithNamedVolumes(volumes []*ContainerNamedVolume) CtrCreateOption {
 			}
 			destinations[vol.Dest] = true

-			mountOpts, err := util.ProcessOptions(vol.Options, false)
+			mountOpts, err := util.ProcessOptions(vol.Options, false, nil)
 			if err != nil {
 				return errors.Wrapf(err, "error processing options for named volume %q mounted at %q", vol.Name, vol.Dest)
 			}