Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mount with read-only option is rejected by podman #6379

Closed
schrht opened this issue May 26, 2020 · 3 comments · Fixed by #6380
Closed

Mount with read-only option is rejected by podman #6379

schrht opened this issue May 26, 2020 · 3 comments · Fixed by #6380
Assignees
@sujil02
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@schrht
Copy link
Contributor

schrht commented May 26, 2020

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
BUG REPORT

/kind bug

/kind feature

Description

The read-only option of --mount is rejected by podman, which is a mismatch with the manual.

When run container with mount/read-only, it fails:

$ podman run -d --mount type=volume,source=volume1,destination=/volume1,read-only=true fedora:28 whoami
Error: read-only: invalid mount option

Replace read-only with ro, the command will work:

$ podman run -d --mount type=volume,source=volume1,destination=/volume1,ro=true fedora:28 whoami
7f59c20f5824823f91a6be9472f33ce91420a60f80d998ca9a1df85678446ffc

But according to the manual, both read-only and ro should work.

$ man podman-run

       --mount=type=TYPE,TYPE-SPECIFIC-OPTION[,...]

       Attach a filesystem mount to the container

       Current supported mount TYPEs are bind, volume, and tmpfs.

                 e.g.

                 type=bind,source=/path/on/host,destination=/path/in/container

                 type=bind,src=/path/on/host,dst=/path/in/container,relabel=shared

                 type=volume,source=vol1,destination=/path/in/container,ro=true

                 type=tmpfs,tmpfs-size=512M,destination=/path/in/container

                 Common Options:

                    · src, source: mount source spec for bind and volume. Mandatory for bind.

                    · dst, destination, target: mount destination spec.

                    · ro, read-only: true or false (default).

Steps to reproduce the issue:

  1. Run the container with mount/read-only option.

Describe the results you received:
podman rejected the option with message: "Error: read-only: invalid mount option"

Describe the results you expected:
Option read-only can be accepted or the manual to be updated to match the actual behavior.

Additional information you deem important (e.g. issue happens only occasionally):
I checked the code of parsing --mount flags for bind mount, the issue still exists in the latest code.
https://github.com/containers/libpod/blob/master/cmd/podman/common/volumes.go#L212-L240

Output of podman version:

Version:            1.9.1
RemoteAPI Version:  1
Go Version:         go1.13.10
OS/Arch:            linux/amd64

Output of podman info --debug:

debug:
  compiler: gc
  gitCommit: ""
  goVersion: go1.13.10
  podmanVersion: 1.9.1
host:
  arch: amd64
  buildahVersion: 1.14.8
  cgroupVersion: v1
  conmon:
    package: conmon-2.0.15-1.fc31.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.15, commit: 4152e6044da92e0c5f246e5adf14c85f41443759'
  cpus: 4
  distribution:
    distribution: fedora
    version: "31"
  eventLogger: file
  hostname: cheshi-laptop3
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.6.8-200.fc31.x86_64
  memFree: 298434560
  memTotal: 16417746944
  ociRuntime:
    name: runc
    package: containerd.io-1.2.13-3.2.fc31.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.0.0-rc10
      commit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
      spec: 1.0.1-dev
  os: linux
  rootless: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.0.1-1.fc31.x86_64
    version: |-
      slirp4netns version 1.0.1
      commit: 6a7b16babc95b6a3056b33fb45b74a6f62262dd4
      libslirp: 4.1.0
  swapFree: 8282443776
  swapTotal: 8283746304
  uptime: 95h 24m 45.51s (Approximately 3.96 days)
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - registry.centos.org
  - docker.io
store:
  configFile: /home/cheshi/.config/containers/storage.conf
  containerStore:
    number: 2
    paused: 0
    running: 0
    stopped: 2
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: fuse-overlayfs-1.0.0-1.fc31.x86_64
      Version: |-
        fusermount3 version: 3.6.2
        fuse-overlayfs: version 1.0.0
        FUSE library version 3.6.2
        using FUSE kernel interface version 7.29
  graphRoot: /home/cheshi/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 21
  runRoot: /run/user/1000/containers
  volumePath: /home/cheshi/.local/share/containers/storage/volumes

Package info (e.g. output of rpm -q podman or apt list podman):

podman-1.9.1-1.fc31.x86_64

Additional environment details (AWS, VirtualBox, physical, etc.):
Physical with Fedora 31.
@openshift-ci-robot openshift-ci-robot added kind/bug Categorizes issue or PR as related to a bug. kind/feature Categorizes issue or PR as related to a new feature. labels May 26, 2020
@mheon mheon removed the kind/feature Categorizes issue or PR as related to a new feature. label May 26, 2020
@mheon mheon mentioned this issue May 26, 2020
Merged
@rhatdan
Copy link
Member

rhatdan commented May 26, 2020

Thanks it looks like to match Docker we should support readonly, which sadly also does not work.
@SCHEN2015 If you want to take a stab at fixing this, it would be appreciated,
Otherwise
@sujil02 PTAL

@mheon
Copy link
Member

mheon commented May 26, 2020

Already implemented in #6380

mheon added a commit to mheon/libpod that referenced this issue May 26, 2020
@mheon
Add support for readonly option to --mount
e26f9ed 
This is just an alias to the `ro` option, but it's already in the
manpages (and Docker) so we might as well add support for it.

Fixes containers#6379

Signed-off-by: Matthew Heon <[email protected]>
@schrht
Copy link
Contributor Author

schrht commented May 27, 2020
edited
Loading

Already implemented in #6380

Thanks mheon, one small comment for the code. Not sure if it is feasible.
#6380 (comment)

snj33v pushed a commit to snj33v/libpod that referenced this issue May 31, 2020
@mheon @snj33v
Add support for readonly option to --mount
664dc9b 
This is just an alias to the `ro` option, but it's already in the
manpages (and Docker) so we might as well add support for it.

Fixes containers#6379

Signed-off-by: Matthew Heon <[email protected]>
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 23, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 23, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@sujil02 sujil02

Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add support for readonly option to --mount mheon/libpod
5 participants
@rhatdan @mheon @schrht @sujil02 @openshift-ci-robot