Ensure that ro mounts are remounted
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This commit is contained in:
parent
1adf0ae8a4
commit
8824b08802
1 changed files with 9 additions and 2 deletions
|
@ -37,14 +37,21 @@ func setupNewMountNamespace(rootfs string, bindMounts []libcontainer.Mount, cons
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, m := range bindMounts {
|
for _, m := range bindMounts {
|
||||||
flags := syscall.MS_BIND | syscall.MS_REC
|
var (
|
||||||
|
flags = syscall.MS_BIND | syscall.MS_REC
|
||||||
|
dest = filepath.Join(rootfs, m.Destination)
|
||||||
|
)
|
||||||
if !m.Writable {
|
if !m.Writable {
|
||||||
flags = flags | syscall.MS_RDONLY
|
flags = flags | syscall.MS_RDONLY
|
||||||
}
|
}
|
||||||
dest := filepath.Join(rootfs, m.Destination)
|
|
||||||
if err := system.Mount(m.Source, dest, "bind", uintptr(flags), ""); err != nil {
|
if err := system.Mount(m.Source, dest, "bind", uintptr(flags), ""); err != nil {
|
||||||
return fmt.Errorf("mounting %s into %s %s", m.Source, dest, err)
|
return fmt.Errorf("mounting %s into %s %s", m.Source, dest, err)
|
||||||
}
|
}
|
||||||
|
if !m.Writable {
|
||||||
|
if err := system.Mount(m.Source, dest, "bind", uintptr(flags|syscall.MS_REMOUNT), ""); err != nil {
|
||||||
|
return fmt.Errorf("remounting %s into %s %s", m.Source, dest, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
if m.Private {
|
if m.Private {
|
||||||
if err := system.Mount("", dest, "none", uintptr(syscall.MS_PRIVATE), ""); err != nil {
|
if err := system.Mount("", dest, "none", uintptr(syscall.MS_PRIVATE), ""); err != nil {
|
||||||
return fmt.Errorf("mounting %s private %s", dest, err)
|
return fmt.Errorf("mounting %s private %s", dest, err)
|
||||||
|
|
Loading…
Reference in a new issue