rootless: support a per-user mounts.conf

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

docs/podman.1.md

@@ -139,6 +139,8 @@ The format of the mounts.conf is the volume format /SRC:/DEST, one mount per lin
 
 Note this is not a volume mount. The content of the volumes is copied into container storage, not bind mounted directly from the host.
 
+When Podman runs in rootless mode, the file `$HOME/.config/containers/mounts.conf` is also used.
+
 **hook JSON** (`/usr/share/containers/oci/hooks.d/*.json`)
 
 Each `*.json` file in `/usr/share/containers/oci/hooks.d` configures a hook for Podman containers.  For more details on the syntax of the JSON files and the semantics of hook injection, see `oci-hooks(5)`.

pkg/secrets/secrets.go

@@ -10,6 +10,7 @@ import (
 	rspec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/pkg/errors"
+	"github.com/projectatomic/libpod/pkg/rootless"
 	"github.com/sirupsen/logrus"
 )
 
@@ -20,6 +21,9 @@ var (
 	// OverrideMountsFile holds the default mount paths in the form
 	// "host_path:container_path" overridden by the user
 	OverrideMountsFile = "/etc/containers/mounts.conf"
+	// UserOverrideMountsFile holds the default mount paths in the form
+	// "host_path:container_path" overridden by the rootless user
+	UserOverrideMountsFile = filepath.Join(os.Getenv("HOME"), ".config/containers/mounts.conf")
 )
 
 // secretData stores the name of the file and the content read from it
@@ -143,6 +147,9 @@ func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPre
 	// Note for testing purposes only
 	if mountFile == "" {
 		mountFiles = append(mountFiles, []string{OverrideMountsFile, DefaultMountsFile}...)
+		if rootless.IsRootless() {
+			mountFiles = append([]string{UserOverrideMountsFile}, mountFiles...)
+		}
 	} else {
 		mountFiles = append(mountFiles, mountFile)
 	}