Is this a BUG REPORT or FEATURE REQUEST?:
Uncomment only one, leave it on its own line:
/kind bug
/kind feature
What happened:
```
$ kubectl exec -ti demo-1986931840-cxt6m -- sh
/ # mount | grep tmpfs
tmpfs on /dev type tmpfs (rw,nosuid,mode=755)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,relatime,mode=755)
tmpfs on /tmp type tmpfs (rw,relatime) # mounted using emptyDir
tmpfs on /var/run type tmpfs (rw,relatime) # mounted using emptyDir
tmpfs on /var/run/secrets/kubernetes.io/serviceaccount type tmpfs (ro,relatime)
shm on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=65536k)
tmpfs on /proc/kcore type tmpfs (rw,nosuid,mode=755)
tmpfs on /proc/timer_stats type tmpfs (rw,nosuid,mode=755)
```
What you expected to happen:
```
$ docker run --rm --read-only --tmpfs /tmp debian:9 mount | grep "nosuid,nodev,noexec" | grep tmpfs
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,relatime,mode=755)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noexec,relatime)
shm on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=65536k)
```
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
It is recommended to mount tmpfs with nosuid,noexec,nodev options.
Environment:
- Kubernetes version (use kubectl version): Client Version: v1.7.0 Server Version: v1.6.4
- Cloud provider or hardware configuration: minikube
- OS (e.g. from /etc/os-release):
- Kernel (e.g. uname -a):
- Install tools:
- Others:
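An added example, not part of the original report or of Kubernetes itself: a small audit that reads `mount` output and lists every tmpfs mount lacking any of `nosuid`, `nodev` or `noexec`, which is the gap shown above. The function names are hypothetical, the sample input is the pod output quoted in this report, and mount points are assumed to contain no whitespace.

```shell
#!/bin/sh
# audit_tmpfs: read `mount` output on stdin and report tmpfs mounts that lack
# nosuid, nodev or noexec. One line per finding:
#   <target> <ro|rw> missing=<comma-separated options>
# Assumption: mount points contain no whitespace (fields are split on blanks).
audit_tmpfs() {
    awk '
    $2 == "on" && $4 == "type" && $5 == "tmpfs" {
        opts = $6
        gsub(/[()]/, "", opts)              # "(rw,relatime)" -> "rw,relatime"
        split("", have)                     # portable way to clear the array
        n = split(opts, o, ",")
        for (i = 1; i <= n; i++) have[o[i]] = 1
        missing = ""
        m = split("nosuid nodev noexec", want, " ")
        for (i = 1; i <= m; i++)
            if (!(want[i] in have))
                missing = missing (missing == "" ? "" : ",") want[i]
        if (missing != "")
            printf "%s %s missing=%s\n", $3, (("ro" in have) ? "ro" : "rw"), missing
    }'
}

# Sample input: the mount lines from the pod in this report.
sample_mounts() {
    cat <<'EOF'
tmpfs on /dev type tmpfs (rw,nosuid,mode=755)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,relatime,mode=755)
tmpfs on /tmp type tmpfs (rw,relatime) # mounted using emptyDir
tmpfs on /var/run type tmpfs (rw,relatime) # mounted using emptyDir
tmpfs on /var/run/secrets/kubernetes.io/serviceaccount type tmpfs (ro,relatime)
shm on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=65536k)
tmpfs on /proc/kcore type tmpfs (rw,nosuid,mode=755)
tmpfs on /proc/timer_stats type tmpfs (rw,nosuid,mode=755)
EOF
}

# Against a live pod the input would come from: kubectl exec POD -- mount
sample_mounts | audit_tmpfs
```

The `ro`/`rw` column separates writable mounts such as the emptyDir-backed `/tmp` and `/var/run` from read-only ones such as the service account token mount.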