Skip to content

Commit

Permalink
Merge pull request #603 from hqhq/hq_set_sysfs_ro
Browse files Browse the repository at this point in the history 
Set sysfs readonly in config
  • Loading branch information
Mrunal Patel committed Mar 1, 2016
2 parents 146643f + bbd97cc commit af3c52c
Showing 1 changed file with 1 addition and 9 deletions.
10 changes: 1 addition & 9 deletions spec.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,7 @@ var specCommand = cli.Command{
Destination: "/sys",
Type: "sysfs",
Source: "sysfs",
Options: []string{"nosuid", "noexec", "nodev"},
Options: []string{"nosuid", "noexec", "nodev", "ro"},
},
{
Destination: "/sys/fs/cgroup",
Expand Down Expand Up @@ -575,14 +575,6 @@ func createDevices(spec *specs.LinuxSpec, config *configs.Config) error {
return nil
}

func setReadonly(config *configs.Config) {
for _, m := range config.Mounts {
if m.Device == "sysfs" {
m.Flags |= syscall.MS_RDONLY
}
}
}

func setupUserNamespace(spec *specs.LinuxSpec, config *configs.Config) error {
if len(spec.Linux.UIDMappings) == 0 {
return nil
Expand Down

0 comments on commit af3c52c

Please sign in to comment.