Blob Blame History Raw
From 35829854a24133f5f6900f6ee252d154dd742a15 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Tue, 19 May 2020 16:32:42 -0400
Subject: [PATCH] Fix mountpont in SecretMountsWithUIDGID

In FIPS Mode we expect to work off of the Mountpath not the Rundir path.
This is causing FIPS Mode checks to fail.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 libpod/container_internal_linux.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 8ee0fb456d..2bd6099f06 100644
--- libpod-1.9.2/libpod/container_internal_linux.go
+++ libpod-1.9.2/libpod/container_internal_linux.go
@@ -1236,7 +1236,7 @@ func (c *Container) makeBindMounts() error {
 	}
 
 	// Add Secret Mounts
-	secretMounts := secrets.SecretMountsWithUIDGID(c.config.MountLabel, c.state.RunDir, c.runtime.config.Containers.DefaultMountsFile, c.state.RunDir, c.RootUID(), c.RootGID(), rootless.IsRootless(), false)
+	secretMounts := secrets.SecretMountsWithUIDGID(c.config.MountLabel, c.state.RunDir, c.runtime.config.Containers.DefaultMountsFile, c.state.Mountpoint, c.RootUID(), c.RootGID(), rootless.IsRootless(), false)
 	for _, mount := range secretMounts {
 		if _, ok := c.state.BindMounts[mount.Destination]; !ok {
 			c.state.BindMounts[mount.Destination] = mount.Source