podman

opensource/podman

Fork 0

mirror of https://github.com/containers/podman.git synced 2025-06-22 18:08:11 +08:00

Commit Graph

Author	SHA1	Message	Date
Matthew Heon	cc65430145	Turn off 'noexec' option by default for named volumes We previously enforced this for security reasons, but as Dan has explained on several occasions, it's not very valuable there (it's trivially easy to bypass) and it does seriously annoy folks trying to use named volumes. Flip the default from 'on' to 'off'. Signed-off-by: Matthew Heon <mheon@redhat.com>	2020-05-20 16:48:20 -04:00
Kir Kolyshkin	e0614367ca	pkg/spec.InitFSMounts: optimize Instead of getting mount options from /proc/self/mountinfo, which is very costly to read/parse (and can even be unreliable), let's use statfs(2) to figure out the flags we need. [v2: move getting default options to pkg/util, make it linux-specific] Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>	2020-04-02 07:52:34 -07:00

Author

SHA1

Message

Date

Matthew Heon

cc65430145

Turn off 'noexec' option by default for named volumes

We previously enforced this for security reasons, but as Dan has
explained on several occasions, it's not very valuable there
(it's trivially easy to bypass) and it does seriously annoy folks
trying to use named volumes. Flip the default from 'on' to 'off'.

Signed-off-by: Matthew Heon <mheon@redhat.com>

2020-05-20 16:48:20 -04:00

Kir Kolyshkin

e0614367ca

pkg/spec.InitFSMounts: optimize

Instead of getting mount options from /proc/self/mountinfo, which is
very costly to read/parse (and can even be unreliable), let's use
statfs(2) to figure out the flags we need.

[v2: move getting default options to pkg/util, make it linux-specific]

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

2020-04-02 07:52:34 -07:00

2 Commits