opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-10-25 10:16:43 +08:00
Code Issues Packages Projects Releases Wiki Activity

We should not be mounting /run as noexec when run with --systemd

Browse Source 
The system defaults /run to "exec" mode, and we default --read-only
mounts on /run to "exec", so --systemd should follow suit.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh
2020-09-02 07:49:11 -04:00
parent 1184cdf03d
commit d68a6b52ec
3 changed files with 18 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
test/e2e/run_test.go
View File

@ -919,6 +919,14 @@ USER mail`
Expect(session.OutputToString()).To(Not(ContainSubstring("/dev/shm type tmpfs (ro,")))
})
It("podman run readonly container should NOT mount /run noexec", func() {
session := podmanTest.Podman([]string{"run", "--read-only", ALPINE, "sh", "-c", "mount | grep \"/run \""})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
Expect(session.OutputToString()).To(Not(ContainSubstring("noexec")))
})
It("podman run with bad healthcheck retries", func() {
session := podmanTest.Podman([]string{"run", "-dt", "--health-cmd", "[\"foo\"]", "--health-retries", "0", ALPINE, "top"})
session.Wait()