diff --git a/pkg/specgenutil/volumes.go b/pkg/specgenutil/volumes.go index 510b11254b..d94aba887f 100644 --- a/pkg/specgenutil/volumes.go +++ b/pkg/specgenutil/volumes.go @@ -272,6 +272,12 @@ func parseMountOptions(mountType string, args []string) (*spec.Mount, error) { if !hasValue { return nil, fmt.Errorf("%v: %w", name, errOptionArg) } + switch value { + case "shared", "rshared", "private", "rprivate", "slave", "rslave", "unbindable", "runbindable": + // Do nothing, sane value + default: + return nil, fmt.Errorf("invalid value %q", arg) + } mnt.Options = append(mnt.Options, value) case "consistency": // Often used on MACs and mistakenly on Linux platforms. diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go index 4a4a7078e1..c3546a317d 100644 --- a/test/e2e/run_volume_test.go +++ b/test/e2e/run_volume_test.go @@ -122,6 +122,10 @@ var _ = Describe("Podman run with volumes", func() { session.WaitWithDefaultTimeout() Expect(session).To(ExitWithError(125, `"notmpcopyup" option not supported for "bind" mount types`)) + session = podmanTest.Podman([]string{"run", "--rm", "--mount", "type=bind,src=/tmp,target=/tmp,bind-propagation=fake", ALPINE, "true"}) + session.WaitWithDefaultTimeout() + Expect(session).To(ExitWithError(125, `invalid value "bind-propagation=fake"`)) + session = podmanTest.Podman([]string{"run", "--rm", "--mount", "type=tmpfs,target=/etc/ssl,notmpcopyup", ALPINE, "ls", "/etc/ssl"}) session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly())