opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-12-02 02:58:03 +08:00
Code Issues Packages Projects Releases Wiki Activity

libpod: do not cover idmapped mountpoint

Browse Source 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano
2025-03-10 21:11:07 +01:00
parent faf8574bb4
commit c9c44d400c
4 changed files with 29 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
libpod/oci_conmon_linux.go
View File

@@ -89,14 +89,16 @@ func (r *ConmonOCIRuntime) createRootlessContainer(ctr *Container, restoreOption
}
}
// do not propagate the bind mount on the parent mount namespace
if err := unix.Mount("", parentMount, "", unix.MS_SLAVE, ""); err != nil {
return 0, fmt.Errorf("failed to make %s slave: %w", parentMount, err)
}
// bind mount the containers' mount path to the path where the OCI runtime expects it to be
if err := unix.Mount(ctr.state.Mountpoint, rootPath, "", unix.MS_BIND, ""); err != nil {
return 0, fmt.Errorf("failed to bind mount %s to %s: %w", ctr.state.Mountpoint, rootPath, err)
// if the container is already mounted at the expected path, do not cover the mountpoint.
if filepath.Clean(ctr.state.Mountpoint) != filepath.Clean(rootPath) {
// do not propagate the bind mount on the parent mount namespace
if err := unix.Mount("", parentMount, "", unix.MS_SLAVE, ""); err != nil {
return 0, fmt.Errorf("failed to make %s slave: %w", parentMount, err)
}
if err := unix.Mount(ctr.state.Mountpoint, rootPath, "", unix.MS_BIND, ""); err != nil {
return 0, fmt.Errorf("failed to bind mount %s to %s: %w", ctr.state.Mountpoint, rootPath, err)
}
}
if isShared {