Merge pull request #4034 from rhatdan/relabel

Add 'relabel' to --mount options
2025-10-17 03:04:21 +08:00 · 2019-09-17 13:02:23 +02:00
parent 2aa6771e78 405ef9bc56
commit 799aa7022b
3 changed files with 33 additions and 5 deletions
--- a/docs/podman-create.1.md
+++ b/docs/podman-create.1.md
@ -464,12 +464,16 @@ Tune a container's memory swappiness behavior. Accepts an integer between 0 and

 Attach a filesystem mount to the container

-Current supported mount TYPES are bind, and tmpfs.
+Current supported mount TYPES are `bind`, `volume`, and `tmpfs`.

       e.g.

       type=bind,source=/path/on/host,destination=/path/in/container

+       type=bind,src=/path/on/host,dst=/path/in/container,relabel=shared
+
+       type=volume,source=vol1,destination=/path/in/container,ro=true
+
       type=tmpfs,tmpfs-size=512M,destination=/path/in/container

       Common Options:
@ -483,8 +487,11 @@ Current supported mount TYPES are bind, and tmpfs.
       Options specific to bind:

              · bind-propagation: shared, slave, private, rshared, rslave, or rprivate(default). See also mount(2).
+
              . bind-nonrecursive: do not setup a recursive bind mount.  By default it is recursive.

+              . relabel: shared, private.
+
       Options specific to tmpfs:

              · tmpfs-size: Size of the tmpfs mount in bytes. Unlimited by default in Linux.
--- a/docs/podman-run.1.md
+++ b/docs/podman-run.1.md
@ -475,13 +475,15 @@ Tune a container's memory swappiness behavior. Accepts an integer between 0 and

 Attach a filesystem mount to the container

-Current supported mount TYPES are bind, and tmpfs.
+Current supported mount TYPES are `bind`, `volume`, and `tmpfs`.

       e.g.

       type=bind,source=/path/on/host,destination=/path/in/container

-       type=bind,source=volume-name,destination=/path/in/container
+       type=bind,src=/path/on/host,dst=/path/in/container,relabel=shared
+
+       type=volume,source=vol1,destination=/path/in/container,ro=true

       type=tmpfs,tmpfs-size=512M,destination=/path/in/container

@ -495,9 +497,12 @@ Current supported mount TYPES are bind, and tmpfs.

       Options specific to bind:

-	      · bind-propagation: Z, z, shared, slave, private, rshared, rslave, or rprivate(default). See also mount(2).
+	      · bind-propagation: shared, slave, private, rshared, rslave, or rprivate(default). See also mount(2).
+
 	      . bind-nonrecursive: do not setup a recursive bind mount.  By default it is recursive.

+	      . relabel: shared, private.
+
       Options specific to tmpfs:

 	      · tmpfs-size: Size of the tmpfs mount in bytes. Unlimited by default in Linux.
--- a/pkg/spec/storage.go
+++ b/pkg/spec/storage.go
@ -389,7 +389,7 @@ func getBindMount(args []string) (spec.Mount, error) {
 		Type: TypeBind,
 	}

-	var setSource, setDest, setRORW, setSuid, setDev, setExec bool
+	var setSource, setDest, setRORW, setSuid, setDev, setExec, setRelabel bool

 	for _, val := range args {
 		kv := strings.Split(val, "=")
@ -467,6 +467,22 @@ func getBindMount(args []string) (spec.Mount, error) {
 			}
 			newMount.Destination = kv[1]
 			setDest = true
+		case "relabel":
+			if setRelabel {
+				return newMount, errors.Wrapf(optionArgError, "cannot pass 'relabel' option more than once")
+			}
+			setRelabel = true
+			if len(kv) != 2 {
+				return newMount, errors.Wrapf(util.ErrBadMntOption, "%s mount option must be 'private' or 'shared'", kv[0])
+			}
+			switch kv[1] {
+			case "private":
+				newMount.Options = append(newMount.Options, "z")
+			case "shared":
+				newMount.Options = append(newMount.Options, "Z")
+			default:
+				return newMount, errors.Wrapf(util.ErrBadMntOption, "%s mount option must be 'private' or 'shared'", kv[0])
+			}
 		default:
 			return newMount, errors.Wrapf(util.ErrBadMntOption, kv[0])
 		}