Before #5083, when running with chroot isolation ro mounts like secrets from env vars would explicitly have the unix.MS_NOEXEC, unix.MS_NOSUID and unix.MS_NODEV flags set when they were remounted. Now when running with chroot isolation ro mounts like secrets from env vars are not getting those same flags set and so the remount operation fails. Specifically it looks like we are missing the unix.MS_NOSUID and unix.MS_NODEV flags.

This change adds special handling for read-only mounts when we need to do a remount to try to get the desired flags to stick. If we've requested a read-only mount (unix.ST_RDONLY is set in requestFlags), then we add any possibleImportantFlags that are set in fs.Flags to remountFlags so the remount operation doesn't fail because they are missing.

I've also added a test to bud.bats that covers this case.

Signed-off-by: Jonah Bull <jonah.bull@elastic.co>

| Name |
|---|
| pty_posix.go |
| pty_ptmx.go |
| pty_unsupported.go |
| run_common.go |
| run_freebsd.go |
| run_linux.go |
| run_test.go |
| seccomp.go |
| seccomp_freebsd.go |
| seccomp_unsupported.go |
| selinux.go |
| selinux_unsupported.go |
| unsupported.go |