Add the --no-pivot flag to the run command

--no-pivot: "do not use pivot root to jail process inside rootfs. This should be used whenever the rootfs is on top of a ramdisk"
containers · Oct 5, 2018 · 515e436 · 515e436
1 parent 318fc89
commit 515e436
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 1 deletion.
diff --git a/cmd/buildah/run.go b/cmd/buildah/run.go
@@ -43,6 +43,10 @@ var (
 			Name:  "runtime-flag",
 			Usage: "add global flags for the container runtime",
 		},
+		cli.BoolFlag{
+			Name:  "no-pivot",
+			Usage: "do not use pivot root to jail process inside rootfs",
+		},
 		cli.StringSliceFlag{
 			Name:  "security-opt",
 			Usage: "security options (default [])",
@@ -108,6 +112,8 @@ func runCmd(c *cli.Context) error {
 		runtimeFlags = append(runtimeFlags, "--"+arg)
 	}
 
+	noPivot := c.Bool("no-pivot")
+
 	namespaceOptions, networkPolicy, err := parse.NamespaceOptions(c)
 	if err != nil {
 		return errors.Wrapf(err, "error parsing namespace-related options")
@@ -117,6 +123,7 @@ func runCmd(c *cli.Context) error {
 		Hostname:         c.String("hostname"),
 		Runtime:          c.String("runtime"),
 		Args:             runtimeFlags,
+		NoPivot:          noPivot,
 		User:             c.String("user"),
 		Isolation:        isolation,
 		NamespaceOptions: namespaceOptions,

diff --git a/run.go b/run.go
@@ -146,6 +146,8 @@ type RunOptions struct {
 	Runtime string
 	// Args adds global arguments for the runtime.
 	Args []string
+	// NoPivot adds the --no-pivot runtime flag.
+	NoPivot bool
 	// Mounts are additional mount points which we want to provide.
 	Mounts []specs.Mount
 	// Env is additional environment variables to set.
@@ -1091,7 +1093,13 @@ func (b *Builder) Run(command []string, options RunOptions) error {
 		// 	}
 		// }
 		// options.Args = append(options.Args, rootlessFlag...)
-		err = b.runUsingRuntimeSubproc(options, configureNetwork, configureNetworks, nil, spec, mountPoint, path, Package+"-"+filepath.Base(path))
+		var moreCreateArgs []string
+		if options.NoPivot {
+			moreCreateArgs = []string{"--no-pivot"}
+		} else {
+			moreCreateArgs = nil
+		}
+		err = b.runUsingRuntimeSubproc(options, configureNetwork, configureNetworks, moreCreateArgs, spec, mountPoint, path, Package+"-"+filepath.Base(path))
 	case IsolationChroot:
 		err = chroot.RunUsingChroot(spec, path, options.Stdin, options.Stdout, options.Stderr)
 	case IsolationOCIRootless: