From 414039b451e43ad3463495252c4ae85f3998befd Mon Sep 17 00:00:00 2001
From: "W. Trevor King" <wking@tremily.us>
Date: Fri, 26 May 2017 09:24:11 -0700
Subject: [PATCH] libcontainer/specconv/spec_linux: Add support for (no)acl

Part of catching runC up with the spec, which punts valid options to
mount(8) [1,2].  This is a filesystem-specific entry in mount(8), but
it's represented by a MS_* flag in mount(2) so we need an entry in the
translation table.

[1]: https://github.com/opencontainers/runtime-spec/blame/v1.0.0-rc5/config.md#L68
[2]: https://github.com/opencontainers/runtime-spec/pull/771

Signed-off-by: W. Trevor King <wking@tremily.us>
---
 libcontainer/specconv/spec_linux.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go
index 41af6997111..156a9d9ea80 100644
--- a/libcontainer/specconv/spec_linux.go
+++ b/libcontainer/specconv/spec_linux.go
@@ -639,6 +639,7 @@ func parseMountOptions(options []string) (int, []int, string, int) {
 		clear bool
 		flag  int
 	}{
+		"acl":           {false, unix.MS_POSIXACL},
 		"async":         {true, unix.MS_SYNCHRONOUS},
 		"atime":         {true, unix.MS_NOATIME},
 		"bind":          {false, unix.MS_BIND},
@@ -648,6 +649,7 @@ func parseMountOptions(options []string) (int, []int, string, int) {
 		"dirsync":       {false, unix.MS_DIRSYNC},
 		"exec":          {true, unix.MS_NOEXEC},
 		"mand":          {false, unix.MS_MANDLOCK},
+		"noacl":         {true, unix.MS_POSIXACL},
 		"noatime":       {false, unix.MS_NOATIME},
 		"nodev":         {false, unix.MS_NODEV},
 		"nodiratime":    {false, unix.MS_NODIRATIME},