Fix addition of mount options when using RO tmpfs

For read-only containers set to create tmpfs filesystems over
/run and other common destinations, we were incorrectly setting
mount options, resulting in duplicate mount options.

Signed-off-by: Matthew Heon <matthew.heon@pm.me>

pkg/spec/storage.go

@@ -163,14 +163,16 @@ func (config *CreateConfig) parseVolumes(runtime *libpod.Runtime) ([]spec.Mount,
 	// If requested, add tmpfs filesystems for read-only containers.
 	if config.ReadOnlyRootfs && config.ReadOnlyTmpfs {
 		readonlyTmpfs := []string{"/tmp", "/var/tmp", "/run"}
-		options := []string{"rw", "rprivate", "exec", "nosuid", "nodev", "tmpcopyup"}
+		options := []string{"rw", "rprivate", "nosuid", "nodev", "tmpcopyup"}
 		for _, dest := range readonlyTmpfs {
 			if _, ok := baseMounts[dest]; ok {
 				continue
 			}
 			localOpts := options
 			if dest == "/run" {
-				localOpts = append(localOpts, "dev", "suid", "noexec", "size=65536k")
+				localOpts = append(localOpts, "noexec", "size=65536k")
+			} else {
+				localOpts = append(localOpts, "exec")
 			}
 			baseMounts[dest] = spec.Mount{
 				Destination: dest,

pkg/util/mountOpts.go

@@ -10,7 +10,7 @@ var (
 	// ErrBadMntOption indicates that an invalid mount option was passed.
 	ErrBadMntOption = errors.Errorf("invalid mount option")
 	// ErrDupeMntOption indicates that a duplicate mount option was passed.
-	ErrDupeMntOption = errors.Errorf("duplicate option passed")
+	ErrDupeMntOption = errors.Errorf("duplicate mount option passed")
 )
 
 // DefaultMountOptions sets default mount options for ProcessOptions.