OSSInnovation
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Set sysfs readonly in config 

It is what we hard coded in runC, now we do it in config,
also removed the legacy function.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
This commit is contained in:
Qiang Huang 2016-03-01 10:23:08 +08:00
parent 146643f1f9
commit bbd97cc98e
1 changed files with 1 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
spec.go
View File

@ -94,7 +94,7 @@ var specCommand = cli.Command{
Destination: "/sys",
Type: "sysfs",
Source: "sysfs",
Options: []string{"nosuid", "noexec", "nodev"},
Options: []string{"nosuid", "noexec", "nodev", "ro"},
},
{
Destination: "/sys/fs/cgroup",
@ -575,14 +575,6 @@ func createDevices(spec *specs.LinuxSpec, config *configs.Config) error {
return nil
}
func setReadonly(config *configs.Config) {
for _, m := range config.Mounts {
if m.Device == "sysfs" {
m.Flags |= syscall.MS_RDONLY
}
}
}
func setupUserNamespace(spec *specs.LinuxSpec, config *configs.Config) error {
if len(spec.Linux.UIDMappings) == 0 {
return nil