From 70340244b84956621d034909046d825c137b45de Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Tue, 19 May 2020 16:35:52 -0400
Subject: [PATCH] Fix mountpont in SecretMountsWithUIDGID

FIPS Mode is failing, because we are attempting to mount the backend
directory from the wrong spot.  The parameter is supposed to be
the container image mountpoint not the runtime directory.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 libpod/container_internal_linux.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index c40ad45b95..58645833d5 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -1229,7 +1229,7 @@ func (c *Container) makeBindMounts() error {
 	}
 
 	// Add Secret Mounts
-	secretMounts := secrets.SecretMountsWithUIDGID(c.config.MountLabel, c.state.RunDir, c.runtime.config.Containers.DefaultMountsFile, c.state.RunDir, c.RootUID(), c.RootGID(), rootless.IsRootless(), false)
+	secretMounts := secrets.SecretMountsWithUIDGID(c.config.MountLabel, c.state.RunDir, c.runtime.config.Containers.DefaultMountsFile, c.state.Mountpoint, c.RootUID(), c.RootGID(), rootless.IsRootless(), false)
 	for _, mount := range secretMounts {
 		if _, ok := c.state.BindMounts[mount.Destination]; !ok {
 			c.state.BindMounts[mount.Destination] = mount.Source