rootless: bind mount: fix "operation not permitted"
The following was failing previously, because `getUnprivilegedMountFlags()` was not called: ```console $ sudo mount -t tmpfs -o noexec none /tmp/foo $ $ docker --context=rootless run -it --rm -v /tmp/foo:/mnt:ro alpine docker: Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: process_linux.go:520: container init caused: rootfs_linux.go:60: mounting "/tmp/foo" to rootfs at "/home/suda/.local/share/docker/overlay2/b8e7ea02f6ef51247f7f10c7fb26edbfb308d2af8a2c77915260408ed3b0a8ec/merged/mnt" caused: operation not permitted: unknown. ``` Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This commit is contained in:
parent
b96a0909f0
commit
248f98ef5e
1 changed files with 1 additions and 1 deletions
|
@ -648,7 +648,7 @@ func WithMounts(daemon *Daemon, c *container.Container) coci.SpecOpts {
|
|||
// "mount" when we bind-mount. The reason for this is that at the point
|
||||
// when runc sets up the root filesystem, it is already inside a user
|
||||
// namespace, and thus cannot change any flags that are locked.
|
||||
if daemon.configStore.RemappedRoot != "" {
|
||||
if daemon.configStore.RemappedRoot != "" || sys.RunningInUserNS() {
|
||||
unprivOpts, err := getUnprivilegedMountFlags(m.Source)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
Loading…
Reference in a new issue