Fix spelling "read only" -> "read-only"

Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
Erik Sjölund 2022-07-02 08:37:43 +02:00
parent b00e65aa9c
commit 24fcfb5d9e
14 changed files with 26 additions and 26 deletions

@ -193,7 +193,7 @@ func verifyRootDeep(path string) error {
func installExecutable(user string) (string, error) { func installExecutable(user string) (string, error) {
// Since the installed executable runs as root, as a precaution verify root ownership of // Since the installed executable runs as root, as a precaution verify root ownership of
// the entire installation path, and utilize sticky + read only perms for the helper path // the entire installation path, and utilize sticky + read-only perms for the helper path
// suffix. The goal is to help users harden against privilege escalation from loose // suffix. The goal is to help users harden against privilege escalation from loose
// filesystem permissions. // filesystem permissions.
// //

@ -881,11 +881,11 @@ Suppress output information when pulling images
#### **--read-only** #### **--read-only**
Mount the container's root filesystem as read only. Mount the container's root filesystem as read-only.
By default a container will have its root filesystem writable allowing processes By default a container will have its root filesystem writable allowing processes
to write files anywhere. By specifying the `--read-only` flag the container will have to write files anywhere. By specifying the `--read-only` flag the container will have
its root filesystem mounted as read only prohibiting any writes. its root filesystem mounted as read-only prohibiting any writes.
#### **--read-only-tmpfs** #### **--read-only-tmpfs**
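
Review bot: The changed sentence "its root filesystem mounted as read-only prohibiting any writes." still needs a comma before "prohibiting", and "writable allowing processes" two lines earlier has the same problem. Since this commit is already touching the paragraph for spelling, fix both here and in the second copy of this text in the later --read-only hunk, which also differs in using bold instead of backticks for the flag and a comma after "flag".
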
@ -1006,8 +1006,8 @@ Note: Labeling can be disabled for all containers by setting label=false in the
possible mount options are specified in the **proc(5)** man page. possible mount options are specified in the **proc(5)** man page.
- **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read only by default. - **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read-only by default.
The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.** The default paths that are read only are **/proc/asound, /proc/bus, /proc/fs, /proc/irq, /proc/sys, /proc/sysrq-trigger, /sys/fs/cgroup**. The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.** The default paths that are read-only are **/proc/asound, /proc/bus, /proc/fs, /proc/irq, /proc/sys, /proc/sysrq-trigger, /sys/fs/cgroup**.
Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file. Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file.

@ -119,8 +119,8 @@ Note: Labeling can be disabled for all pods/containers by setting label=false in
- `proc-opts=OPTIONS` : Comma-separated list of options to use for the /proc mount. More details for the - `proc-opts=OPTIONS` : Comma-separated list of options to use for the /proc mount. More details for the
possible mount options are specified in the **proc(5)** man page. possible mount options are specified in the **proc(5)** man page.
- **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read only by default. - **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read-only by default.
The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.** The default paths that are read only are **/proc/asound, /proc/bus, /proc/fs, /proc/irq, /proc/sys, /proc/sysrq-trigger, /sys/fs/cgroup**. The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.** The default paths that are read-only are **/proc/asound, /proc/bus, /proc/fs, /proc/irq, /proc/sys, /proc/sysrq-trigger, /sys/fs/cgroup**.
Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file. Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file.
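
Review bot: The trailing context note says labeling can be disabled "for all containers", while the note quoted in this hunk's header says "for all pods/containers", so the same file words the same setting two ways. This is outside the changed lines, but worth aligning in this pass or a follow-up; the next hunk shows the same mismatch.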

@ -283,8 +283,8 @@ Note: Labeling can be disabled for all pods/containers by setting label=false in
- `proc-opts=OPTIONS` : Comma-separated list of options to use for the /proc mount. More details for the - `proc-opts=OPTIONS` : Comma-separated list of options to use for the /proc mount. More details for the
possible mount options are specified in the **proc(5)** man page. possible mount options are specified in the **proc(5)** man page.
- **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read only by default. - **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read-only by default.
The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.** The default paths that are read only are **/proc/asound, /proc/bus, /proc/fs, /proc/irq, /proc/sys, /proc/sysrq-trigger, /sys/fs/cgroup**. The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.** The default paths that are read-only are **/proc/asound, /proc/bus, /proc/fs, /proc/irq, /proc/sys, /proc/sysrq-trigger, /sys/fs/cgroup**.
Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file. Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file.

@ -919,11 +919,11 @@ Suppress output information when pulling images
#### **--read-only** #### **--read-only**
Mount the container's root filesystem as read only. Mount the container's root filesystem as read-only.
By default a container will have its root filesystem writable allowing processes By default a container will have its root filesystem writable allowing processes
to write files anywhere. By specifying the **--read-only** flag, the container will have to write files anywhere. By specifying the **--read-only** flag, the container will have
its root filesystem mounted as read only prohibiting any writes. its root filesystem mounted as read-only prohibiting any writes.
#### **--read-only-tmpfs** #### **--read-only-tmpfs**
@ -1051,8 +1051,8 @@ Note: Labeling can be disabled for all containers by setting label=false in the
- **proc-opts**=_OPTIONS_ : Comma-separated list of options to use for the /proc mount. More details - **proc-opts**=_OPTIONS_ : Comma-separated list of options to use for the /proc mount. More details
for the possible mount options are specified in the **proc(5)** man page. for the possible mount options are specified in the **proc(5)** man page.
- **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read only by default. - **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read-only by default.
The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.**. The default paths that are read only are **/proc/asound**, **/proc/bus**, **/proc/fs**, **/proc/irq**, **/proc/sys**, **/proc/sysrq-trigger**, **/sys/fs/cgroup**. The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.**. The default paths that are read-only are **/proc/asound**, **/proc/bus**, **/proc/fs**, **/proc/irq**, **/proc/sys**, **/proc/sysrq-trigger**, **/sys/fs/cgroup**.
Note: Labeling can be disabled for all containers by setting **label=false** in the **containers.conf**(5) file. Note: Labeling can be disabled for all containers by setting **label=false** in the **containers.conf**(5) file.
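
Review bot: The line that lists the default masked paths is edited here but keeps the doubled period in "/sys/fs/selinux.**." on both sides of the change. Drop one of the two periods while the line is open. The same line also puts the whole masked list in a single bold span but bolds each read-only path separately; pick one style so it matches the other copies of this paragraph in the diff.
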
@ -1603,7 +1603,7 @@ content. Installing packages into _/usr_, for example. In production,
applications seldom need to write to the image. Container applications write applications seldom need to write to the image. Container applications write
to volumes if they need to write to file systems at all. Applications can be to volumes if they need to write to file systems at all. Applications can be
made more secure by running them in read-only mode using the **--read-only** switch. made more secure by running them in read-only mode using the **--read-only** switch.
This protects the containers image from modification. Read only containers may This protects the containers image from modification. Read-only containers may
still need to write temporary data. The best way to handle this is to mount still need to write temporary data. The best way to handle this is to mount
tmpfs directories on _/run_ and _/tmp_. tmpfs directories on _/run_ and _/tmp_.
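
Review bot: The changed line still reads "This protects the containers image from modification." and is missing the possessive apostrophe: it should be "the container's image". As this is a spelling commit and the line is already modified, include that fix.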

@ -1118,7 +1118,7 @@ func (c *Container) IsInitCtr() bool {
return len(c.config.InitContainerType) > 0 return len(c.config.InitContainerType) > 0
} }
// IsReadOnly returns whether the container is running in read only mode // IsReadOnly returns whether the container is running in read-only mode
func (c *Container) IsReadOnly() bool { func (c *Container) IsReadOnly() bool {
return c.config.Spec.Root.Readonly return c.config.Spec.Root.Readonly
} }
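
Review bot: The IsReadOnly doc comment says the container "is running in read-only mode", but the function only returns c.config.Spec.Root.Readonly, which is the configured root filesystem flag and says nothing about whether the container is running. Suggest wording along the lines of "returns whether the container's root filesystem is configured as read-only", so callers do not read it as a runtime state check or as covering volumes.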

@ -48,7 +48,7 @@ const (
var ( var (
Zero = int64Amount{} Zero = int64Amount{}
// Used by quantity strings - treat as read only // Used by quantity strings - treat as read-only
zeroBytes = []byte("0") zeroBytes = []byte("0")
) )

@ -29,13 +29,13 @@ const (
) )
var ( var (
// Commonly needed big.Int values-- treat as read only! // Commonly needed big.Int values-- treat as read-only!
bigTen = big.NewInt(10) bigTen = big.NewInt(10)
bigZero = big.NewInt(0) bigZero = big.NewInt(0)
bigOne = big.NewInt(1) bigOne = big.NewInt(1)
big1024 = big.NewInt(1024) big1024 = big.NewInt(1024)
// Commonly needed inf.Dec values-- treat as read only! // Commonly needed inf.Dec values-- treat as read-only!
decZero = inf.NewDec(0, 0) decZero = inf.NewDec(0, 0)
decOne = inf.NewDec(1, 0) decOne = inf.NewDec(1, 0)

@ -37,7 +37,7 @@ type OverlayVolume struct {
// ImageVolume is a volume based on a container image. The container image is // ImageVolume is a volume based on a container image. The container image is
// first mounted on the host and is then bind-mounted into the container. An // first mounted on the host and is then bind-mounted into the container. An
// ImageVolume is always mounted read only. // ImageVolume is always mounted read-only.
type ImageVolume struct { type ImageVolume struct {
// Source is the source of the image volume. The image can be referred // Source is the source of the image volume. The image can be referred
// to by name and by ID. // to by name and by ID.

@ -605,7 +605,7 @@ func getNamedVolume(args []string) (*specgen.NamedVolume, error) {
// Parse the arguments into an image volume. An image volume is a volume based // Parse the arguments into an image volume. An image volume is a volume based
// on a container image. The container image is first mounted on the host and // on a container image. The container image is first mounted on the host and
// is then bind-mounted into the container. An ImageVolume is always mounted // is then bind-mounted into the container. An ImageVolume is always mounted
// read only. // read-only.
func getImageVolume(args []string) (*specgen.ImageVolume, error) { func getImageVolume(args []string) (*specgen.ImageVolume, error) {
newVolume := new(specgen.ImageVolume) newVolume := new(specgen.ImageVolume)

@ -2507,7 +2507,7 @@ spec:
Expect(kube).To(ExitWithError()) Expect(kube).To(ExitWithError())
}) })
It("podman play kube test with read only HostPath volume", func() { It("podman play kube test with read-only HostPath volume", func() {
hostPathLocation := filepath.Join(tempdir, "file") hostPathLocation := filepath.Join(tempdir, "file")
f, err := os.Create(hostPathLocation) f, err := os.Create(hostPathLocation)
Expect(err).To(BeNil()) Expect(err).To(BeNil())

@ -1084,7 +1084,7 @@ USER mail`, BB)
Expect(session).Should(Exit(0)) Expect(session).Should(Exit(0))
ctrID := session.OutputToString() ctrID := session.OutputToString()
// check that the read only option works // check that the read-only option works
session = podmanTest.Podman([]string{"run", "--volumes-from", ctrID + ":ro", ALPINE, "touch", mountpoint + "abc.txt"}) session = podmanTest.Podman([]string{"run", "--volumes-from", ctrID + ":ro", ALPINE, "touch", mountpoint + "abc.txt"})
session.WaitWithDefaultTimeout() session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(1)) Expect(session).Should(Exit(1))
@ -1108,13 +1108,13 @@ USER mail`, BB)
Expect(session).Should(Exit(125)) Expect(session).Should(Exit(125))
Expect(session.ErrorToString()).To(ContainSubstring("cannot set :z more than once in mount options")) Expect(session.ErrorToString()).To(ContainSubstring("cannot set :z more than once in mount options"))
// create new read only volume // create new read-only volume
session = podmanTest.Podman([]string{"create", "--volume", vol + ":" + mountpoint + ":ro", ALPINE, "cat", mountpoint + filename}) session = podmanTest.Podman([]string{"create", "--volume", vol + ":" + mountpoint + ":ro", ALPINE, "cat", mountpoint + filename})
session.WaitWithDefaultTimeout() session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0)) Expect(session).Should(Exit(0))
ctrID = session.OutputToString() ctrID = session.OutputToString()
// check if the original volume was mounted as read only that --volumes-from also mount it as read only // check if the original volume was mounted as read-only that --volumes-from also mount it as read-only
session = podmanTest.Podman([]string{"run", "--volumes-from", ctrID, ALPINE, "touch", mountpoint + "abc.txt"}) session = podmanTest.Podman([]string{"run", "--volumes-from", ctrID, ALPINE, "touch", mountpoint + "abc.txt"})
session.WaitWithDefaultTimeout() session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(1)) Expect(session).Should(Exit(1))
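
Review bot: The second changed comment, "check if the original volume was mounted as read-only that --volumes-from also mount it as read-only", is still ungrammatical after the hyphen fix. Something like "check that if the original volume was mounted read-only, --volumes-from also mounts it read-only" states what the following Exit(1) assertion verifies.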

@ -87,7 +87,7 @@ load helpers
# Run a container with an image mount # Run a container with an image mount
run_podman run --rm --mount type=image,src=$IMAGE,dst=/image-mount $IMAGE diff /etc/os-release /image-mount/etc/os-release run_podman run --rm --mount type=image,src=$IMAGE,dst=/image-mount $IMAGE diff /etc/os-release /image-mount/etc/os-release
# Make sure the mount is read only # Make sure the mount is read-only
run_podman 1 run --rm --mount type=image,src=$IMAGE,dst=/image-mount $IMAGE touch /image-mount/read-only run_podman 1 run --rm --mount type=image,src=$IMAGE,dst=/image-mount $IMAGE touch /image-mount/read-only
is "$output" "touch: /image-mount/read-only: Read-only file system" is "$output" "touch: /image-mount/read-only: Read-only file system"

@ -663,7 +663,7 @@ $ podman run --rm --rootfs /path/to/rootfs true
The command above will create all the missing directories needed to run the container. The command above will create all the missing directories needed to run the container.
After that, it can be used in read only mode, by multiple containers at the same time: After that, it can be used in read-only mode, by multiple containers at the same time:
```console ```console
$ podman run --read-only --rootfs /path/to/rootfs .... $ podman run --read-only --rootfs /path/to/rootfs ....