Add Linux Root Propagation to kpod create and run

Add [r]shared, [r]private, [r]slave functionality to the --volume flag
for kpod create and kpod run
This sets the root propagation for each bind mount

Signed-off-by: umohnani8 <umohnani@redhat.com>

Closes: #87
Approved by: rhatdan
umohnani8 2017-11-27 13:17:42 -05:00 committed by Atomic Bot
parent c5c7341d4b
commit 34696c55e9
3 changed files with 30 additions and 19 deletions


@ -300,6 +300,16 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
return nil, errors.Wrapf(err, "error getting volume mounts")
}
configSpec.Mounts = append(configSpec.Mounts, mounts...)
for _, mount := range configSpec.Mounts {
for _, opt := range mount.Options {
switch opt {
case "private", "rprivate", "slave", "rslave", "shared", "rshared":
if err := g.SetLinuxRootPropagation(opt); err != nil {
return nil, errors.Wrapf(err, "error setting root propagation for %q", mount.Destination)
}
}
}
}
// HANDLE CAPABILITIES
if err := setupCapabilities(config, configSpec); err != nil {
@ -442,24 +452,25 @@ func (c *createConfig) GetVolumeMounts() ([]spec.Mount, error) {
options = strings.Split(spliti[2], ",")
}
options = append(options, "rbind")
// var foundrw, foundro,
var foundz, foundZ bool
var foundrw, foundro, foundz, foundZ bool
var rootProp string
for _, opt := range options {
switch opt {
// case "rw":
// foundrw = true
// case "ro":
// foundro = true
case "rw":
foundrw = true
case "ro":
foundro = true
case "z":
foundz = true
case "Z":
foundZ = true
case "private", "rprivate", "slave", "rslave", "shared", "rshared":
rootProp = opt
}
}
// if !foundro && !foundrw {
// // rw option is default
// options = append(options, "rw")
// }
if !foundrw && !foundro {
options = append(options, "rw")
}
if foundz {
if err := label.Relabel(spliti[0], c.mountLabel, true); err != nil {
return nil, errors.Wrapf(err, "relabel failed %q", spliti[0])
@ -470,6 +481,9 @@ func (c *createConfig) GetVolumeMounts() ([]spec.Mount, error) {
return nil, errors.Wrapf(err, "relabel failed %q", spliti[0])
}
}
if rootProp == "" {
options = append(options, "rprivate")
}
m = append(m, spec.Mount{
Destination: spliti[1],
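Review bot: `g.SetLinuxRootPropagation(opt)` in the loop added to createConfigToOCISpec sets a single container-wide value (the root filesystem propagation), not a per-mount one, so when several `--volume` flags are given the last mount carrying a propagation option decides it. Since GetVolumeMounts now appends `rprivate` to every volume without an explicit mode, a later plain volume would put an earlier `:shared` back to `rprivate`, and conversely one `:shared` volume makes the whole rootfs shared, which allows mount events to cross between host and container beyond that one bind mount. The loop also ranges over all of `configSpec.Mounts` rather than the `mounts` slice just returned, so options on non-volume mounts (not visible here) would be picked up too. I would iterate `for _, mount := range mounts {`, skip the implicit `rprivate` default when choosing the rootfs value, and have GetVolumeMounts return an error when `rootProp` is already set to a different mode instead of silently keeping the last one. Both functions start and end outside these hunks.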


@ -13,7 +13,7 @@ func TestCreateConfig_GetVolumeMounts(t *testing.T) {
Destination: "/foobar",
Type: "bind",
Source: "foobar",
Options: []string{"ro", "rbind"},
Options: []string{"ro", "rbind", "rprivate"},
}
config := createConfig{
volumes: []string{"foobar:/foobar:ro"},
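Review bot: The updated expectation in TestCreateConfig_GetVolumeMounts only pins the implicit `rprivate` default; nothing exercises an explicit propagation option or the restored `rw` default. A second case such as `volumes: []string{"foobar:/foobar:shared"}` expecting `Options: []string{"shared", "rbind", "rw"}` would cover both, going by the order in which GetVolumeMounts appends options in the other file. The test function continues outside the hunk.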


@ -125,16 +125,13 @@ IMAGE="docker.io/library/fedora:latest"
}
@test "kpod run with volume flag" {
run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} run -v ${MOUNT_PATH}:/run/test ${FEDORA_MINIMAL} cat /proc/self/mountinfo | grep '${MOUNT_PATH} /run/test rw,relatime'"
run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} run -v ${MOUNT_PATH}:/run/test ${BB} cat /proc/self/mountinfo | grep '${MOUNT_PATH} /run/test rw,relatime'"
echo $output
[ "$status" -eq 0 ]
run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} run -v ${MOUNT_PATH}:/run/test:ro ${FEDORA_MINIMAL} cat /proc/self/mountinfo | grep '${MOUNT_PATH} /run/test ro,relatime'"
run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} run -v ${MOUNT_PATH}:/run/test:ro ${BB} cat /proc/self/mountinfo | grep '${MOUNT_PATH} /run/test ro,relatime'"
echo $output
[ "$status" -eq 0 ]
run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} run -v ${MOUNT_PATH}:/run/test:shared ${BB} cat /proc/self/mountinfo | grep '${MOUNT_PATH} /run/test rw,relatime shared:'"
echo $output
[ "$status" -eq 0 ]
#run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} run -v ${MOUNT_PATH}:/run/test:shared ${FEDORA_MINIMAL} cat /proc/self/mountinfo | grep '${MOUNT_PATH} /run/test rw,relatime shared:'"
#echo $output
#[ "$status" -eq 0 ]
#run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} run -v ${MOUNT_PATH}:/run/test:rslave ${FEDORA_MINIMAL} cat /proc/self/mountinfo | grep '${MOUNT_PATH} /run/test rw,relatime master:'"
#echo $output
#[ "$status" -eq 0 ]
}
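Review bot: The commented-out `rslave` check is deleted rather than enabled, so only `shared` propagation is verified end to end, and nothing asserts that a volume without a propagation option shows neither a `shared:` nor a `master:` tag in mountinfo. I would bring the removed case back with the new image, `run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} run -v ${MOUNT_PATH}:/run/test:rslave ${BB} cat /proc/self/mountinfo | grep '${MOUNT_PATH} /run/test rw,relatime master:'"`, followed by the usual `[ "$status" -eq 0 ]`. If it was dropped because it fails on hosts where `${MOUNT_PATH}` is not itself a shared mount, a one-line comment saying so would keep the gap visible. A negative check for the default case matters most here, since it is the one that confirms an ordinary `-v` mount does not propagate mounts back to the host.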