tmpfs noswap support #19659
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
locked - please file new issue/PR
Assist humans wanting to comment on an old issue or PR with locked comments.
Comments
bplaxco added the kind/feature label Aug 17, 2023
rhatdan added a commit to rhatdan/podman that referenced this issue Aug 17, 2023
Fixes: containers#19659
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
rhatdan added a commit to rhatdan/podman that referenced this issue Aug 21, 2023
Users want to mount a tmpfs file system with secrets, and make sure the secret is never saved into swap. They can do this either by using a ramfs tmpfs mount or by passing `noswap` option to a tmpfs mount.
Fixes: containers#19659
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
@rhatdan thanks for the quick response on that! I appreciate it ^_^
github-actions bot added the locked - please file new issue/PR label Nov 26, 2023
Feature request description
Would like the ability to create noswap tmpfs mounts through `--mount` so that I can ensure sensitive variable runtime data is never written to disk.

(Also this might be a potentially useful tweak/option to add to the secret feature in podman, but I haven't dug into that as much since that appears to be for static secrets. I still wanted to mention that here since I read something that indicated those are also stored on tmpfs volumes and didn't see matches for `noswap` in any of the repos here.)

Suggest potential solution
Support a tmpfs-noswap flag that would be similar to passing `-o noswap` to mount for a tmpfs.

Have you considered any alternatives?
I have considered doing something like:
But I'd rather not add extra caps in. I also considered doing a noswap tmpfs on the host and mounting that into the container.

Additional context
This isn't urgent at all, and I figured I'd call this and the potential use case out in the `secret` feature here in case it's useful for other folks as well.

Thanks for all the great work folks! ^_^
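
A check for the property requested in this issue, as an added example that is not part of the original issue or of podman's code: it parses `/proc/self/mountinfo` text and lists tmpfs mounts that were not mounted with `noswap` (ramfs is never swapped, so it is not flagged). The sample mount table and the function name `swappable_tmpfs` are constructed for illustration, and the check assumes the kernel reports `noswap` among the tmpfs superblock options.

```python
import re

# Constructed /proc/self/mountinfo sample (not captured from a real host).
SAMPLE_MOUNTINFO = """\
22 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
310 22 0:51 / /run/secrets rw,nosuid,nodev - tmpfs tmpfs rw,size=65536k,noswap
311 22 0:52 / /run/app\\040cache rw,nosuid,nodev - tmpfs tmpfs rw,size=65536k
312 22 0:53 / /run/keys rw,relatime - ramfs ramfs rw
"""


def _unescape(field):
    # mountinfo writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def swappable_tmpfs(mountinfo_text):
    """Return mount points of tmpfs mounts that were not mounted with noswap."""
    findings = []
    for line in mountinfo_text.splitlines():
        fields = line.split()
        try:
            # Optional fields (e.g. shared:1) end at a lone "-" separator.
            sep = fields.index("-", 6)
            fstype, super_opts = fields[sep + 1], fields[sep + 3]
        except (ValueError, IndexError):
            continue  # skip malformed or truncated lines
        # ramfs has no swap backing at all, so only tmpfs needs the option.
        if fstype == "tmpfs" and "noswap" not in super_opts.split(","):
            findings.append(_unescape(fields[4]))
    return findings


if __name__ == "__main__":
    with open("/proc/self/mountinfo") as f:
        for mount_point in swappable_tmpfs(f.read()):
            print("tmpfs without noswap:", mount_point)
```

Run inside the container, it reads that container's own mount table, so an empty result means every tmpfs visible there carries `noswap`.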