github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Use rbind and rprivate in bind mount.

Browse Source 
Signed-off-by: Lantao Liu <lantaol@google.com>
This commit is contained in:
Lantao Liu
2017-08-30 01:39:53 +00:00
parent 55ee423224
commit 3f4978b77b
3 changed files with 11 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/server/container_create.go
View File

@@ -438,9 +438,11 @@ func addOCIBindMounts(g *generate.Generator, mounts []*runtime.Mount) {
for _, mount := range mounts {
dst := mount.GetContainerPath()
src := mount.GetHostPath()
options := []string{"rw"}
options := []string{"rbind", "rprivate"}
if mount.GetReadonly() {
options = []string{"ro"}
options = append(options, "ro")
} else {
options = append(options, "rw")
}
// TODO(random-liu): [P1] Apply selinux label
g.AddBindMount(src, dst, options)