containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

rootless: fix --pid=host without --privileged 

When using --pid=host don't try to cover /proc paths, as they are
coming from the /proc bind mounted from the host.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano 2019-01-18 17:12:23 +01:00
parent a2ab36d0d1
commit 8156f8c694
No known key found for this signature in database
GPG Key ID: E4730F97F60286ED
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/spec/spec.go
View File

@ -376,6 +376,10 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
}
func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator) {
if config.PidMode.IsHost() && rootless.IsRootless() {
return
}
if !config.Privileged {
for _, mp := range []string{
"/proc/acpi",

4
test/e2e/rootless_test.go
View File

@ -276,6 +276,10 @@ var _ = Describe("Podman rootless", func() {
runRootlessHelper([]string{"--net", "host"})
})
It("podman rootless rootfs --pid host", func() {
runRootlessHelper([]string{"--pid", "host"})
})
It("podman rootless rootfs --privileged", func() {
runRootlessHelper([]string{"--privileged"})
})