opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-10-13 01:06:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

do not pass [no]copy as bind mounts options to runtime

Browse Source 
Starting with runc 1.3.0 it errors when we pass unknown mount options to
the runtime, the copy/nocopy options are specific to podman when we
mount the volume and are not valid mount options for the runtime.

Fixes: #26938

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This commit is contained in:
Paul Holzinger
2025-09-01 12:40:21 +02:00
committed by Matt Heon
parent 26a41ad665
commit 7601c78be3
2 changed files with 25 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libpod/container_internal_common.go
View File

@ -420,6 +420,8 @@ func (c *Container) generateSpec(ctx context.Context) (s *spec.Spec, cleanupFunc
// Podman decided for --no-dereference as many // Podman decided for --no-dereference as many
// bin-utils tools (e..g, touch, chown, cp) do. // bin-utils tools (e..g, touch, chown, cp) do.
options = append(options, "copy-symlink") options = append(options, "copy-symlink")
case "copy", "nocopy":
// no real OCI runtime bind mount options, these should already be handled by the named volume mount above
default: default:
options = append(options, o) options = append(options, o)
} }

26
test/e2e/run_volume_test.go
View File

@ -3,6 +3,7 @@
package integration package integration
import ( import (
"encoding/json"
"fmt" "fmt"
"os" "os"
"os/exec" "os/exec"
@ -15,6 +16,7 @@ import (
. "github.com/onsi/ginkgo/v2" . "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega" . "github.com/onsi/gomega"
. "github.com/onsi/gomega/gexec" . "github.com/onsi/gomega/gexec"
"github.com/opencontainers/runtime-spec/specs-go"
) )
// in-container mount point: using a path that is definitely not present // in-container mount point: using a path that is definitely not present
@ -448,9 +450,27 @@ var _ = Describe("Podman run with volumes", func() {
Expect(separateVolumeSession).Should(ExitCleanly()) Expect(separateVolumeSession).Should(ExitCleanly())
Expect(separateVolumeSession.OutputToString()).To(Equal(baselineOutput)) Expect(separateVolumeSession.OutputToString()).To(Equal(baselineOutput))
copySession := podmanTest.Podman([]string{"run", "--rm", "-v", "testvol3:/etc/apk:copy", ALPINE, "stat", "-c", "%h", "/etc/apk/arch"}) podmanTest.PodmanExitCleanly("run", "--name", "testctr", "-v", "testvol3:/etc/apk:copy", ALPINE, "stat", "-c", "%h", "/etc/apk/arch")
copySession.WaitWithDefaultTimeout()
Expect(copySession).Should(ExitCleanly()) inspect := podmanTest.PodmanExitCleanly("container", "inspect", "testctr", "--format", "{{.OCIConfigPath}}")
// Make extra check that the OCI config does not contain the copy opt, runc 1.3.0 fails on that while crun does not.
// We only test crun upstream so make sure the spec is sane: https://github.com/containers/podman/issues/26938
f, err := os.Open(inspect.OutputToString())
Expect(err).ToNot(HaveOccurred())
defer f.Close()
var spec specs.Spec
err = json.NewDecoder(f).Decode(&spec)
Expect(err).ToNot(HaveOccurred())
found := false
for _, m := range spec.Mounts {
if m.Destination == "/etc/apk" {
found = true
Expect(m.Options).To(Equal([]string{"rprivate", "nosuid", "nodev", "rbind"}))
}
}
Expect(found).To(BeTrue(), "OCI spec contains /etc/apk mount")
noCopySession := podmanTest.Podman([]string{"run", "--rm", "-v", "testvol4:/etc/apk:nocopy", ALPINE, "stat", "-c", "%h", "/etc/apk/arch"}) noCopySession := podmanTest.Podman([]string{"run", "--rm", "-v", "testvol4:/etc/apk:nocopy", ALPINE, "stat", "-c", "%h", "/etc/apk/arch"})
noCopySession.WaitWithDefaultTimeout() noCopySession.WaitWithDefaultTimeout()