Merge pull request #603 from hqhq/hq_set_sysfs_ro

Set sysfs readonly in config
2016-03-01 11:15:19 -05:00 · 2016-03-01 11:15:19 -05:00 · af3c52c5b7
parent 146643f1f9 bbd97cc98e
commit af3c52c5b7
1 changed files with 1 additions and 9 deletions
--- a/spec.go
+++ b/spec.go
@ -94,7 +94,7 @@ var specCommand = cli.Command{
 						Destination: "/sys",
 						Type:        "sysfs",
 						Source:      "sysfs",
-						Options:     []string{"nosuid", "noexec", "nodev"},
+						Options:     []string{"nosuid", "noexec", "nodev", "ro"},
 					},
 					{
 						Destination: "/sys/fs/cgroup",
@ -575,14 +575,6 @@ func createDevices(spec *specs.LinuxSpec, config *configs.Config) error {
 	return nil
 }

-func setReadonly(config *configs.Config) {
-	for _, m := range config.Mounts {
-		if m.Device == "sysfs" {
-			m.Flags |= syscall.MS_RDONLY
-		}
-	}
-}
-
 func setupUserNamespace(spec *specs.LinuxSpec, config *configs.Config) error {
 	if len(spec.Linux.UIDMappings) == 0 {
 		return nil