opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-23 02:18:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

createconfig: always cleanup a rootless container

Browse Source 
the rootless container storage is always mounted in a different mount
namespace, owned by the unprivileged user.  Even if it is mounted, a
process running in another namespace cannot reuse the already mounted
storage.

Make sure the storage is always cleaned up once the container
terminates.

This has worked with vfs since there is no real mounted storage.

Closes: https://github.com/containers/libpod/issues/2112

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano
2019-01-10 10:06:37 +01:00
parent 64627d910b
commit 7ba38b375f
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/spec/createconfig.go
View File

@ -518,7 +518,9 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime) ([]lib
if c.CgroupParent != "" {
options = append(options, libpod.WithCgroupParent(c.CgroupParent))
}
if c.Detach {
// For a rootless container always cleanup the storage/network as they
// run in a different namespace thus not reusable when we restart.
if c.Detach || rootless.IsRootless() {
options = append(options, libpod.WithExitCommand(c.createExitCommand()))
}