The 'podman run --mount' flag previously allowed the 'ro' option
to be specified, but was missing the ability to set it to a bool
(as is allowed by docker). Add that. While we're at it, allow
setting 'rw' explicitly as well.
Fixes#2980
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
These are only used on OS X Docker, and ignored elsewhere - but
since they are ignored, they're guaranteed to be safe everywhere,
and people are using them.
Fixes: #3340
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
When we supercede low-priority mounts and volumes (image volumes,
and volumes sourced from --volumes-from) with higher-priority
ones (the --volume and --mount flags), we always replaced
lower-priority mounts of the same type (e.g. a user mount to
/tmp/test1 would supercede a volumes-from mount to the same
destination). However, we did not supercede the opposite type - a
named volume from image volumes at /tmp/test1 would be allowed to
remain and create a conflict, preventing container creation.
Solve this by destroying opposite types before merging (we can't
do it in the same loop, as then named volumes, which go second,
might trample changes made by mounts).
Fixes#3174
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This ensures that all tmpfs mounts added by the user, even with
the --mount flag, share a few common options (nosuid, noexec,
nodev), and options for tmpfs mounts are properly validated to
ensure they are correct.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
As part of this, move bind mount option validity parsing and
modification (adding e.g. rbind on bind mounts that are missing
it), which requires test changes (expected values have changed).
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
We were unconditionally resetting volume mount options for all
mount points (and by the looks of things, completely dropping
tmpfs mounts), which was causing runc to refuse to run containers
and all the tests to consequently fail.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Unify handling for the --volume, --mount, --volumes-from, --tmpfs
and --init flags into a single file and set of functions. This
will greatly improve readability and maintainability.
Further, properly handle superceding and conflicting mounts. Our
current patchwork has serious issues when mounts conflict, or
when a mount from --volumes-from or an image volume should be
overwritten by a user volume or named volume.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Matthew Heon
Daniel J Walsh
Qi Wang
Giuseppe Scrivano