From bbd97cc98ef4f6dfc27ba847cd1d4931ac3e984e Mon Sep 17 00:00:00 2001
From: Qiang Huang
Date: Tue, 1 Mar 2016 10:23:08 +0800
Subject: [PATCH] Set sysfs readonly in config

It is what we hard coded in runC, now we do it in config, also removed the legacy function.

Signed-off-by: Qiang Huang
---
 spec.go | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/spec.go b/spec.go
index fd3475fa..b198b58b 100644
--- a/spec.go
+++ b/spec.go
@@ -94,7 +94,7 @@ var specCommand = cli.Command{
 Destination: "/sys",
 Type: "sysfs",
 Source: "sysfs",
- Options: []string{"nosuid", "noexec", "nodev"},
+ Options: []string{"nosuid", "noexec", "nodev", "ro"},
 },
 {
 Destination: "/sys/fs/cgroup",
@@ -575,14 +575,6 @@ func createDevices(spec *specs.LinuxSpec, config *configs.Config) error {
 return nil
 }
 
-func setReadonly(config *configs.Config) {
- for _, m := range config.Mounts {
- if m.Device == "sysfs" {
- m.Flags |= syscall.MS_RDONLY
- }
- }
-}
-
 func setupUserNamespace(spec *specs.LinuxSpec, config *configs.Config) error {
 if len(spec.Linux.UIDMappings) == 0 {
 return nil
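Review bot: With `"ro"` present only in the generated template (the sysfs entry in the first hunk, spec.go @@ -94), a read-only `/sys` now depends on every config.json carrying that option. A config generated before this change, or edited by hand, lists only `nosuid`, `noexec`, `nodev` and would presumably get a writable sysfs unless another code path still enforces the flag; none is visible in this patch, and the second hunk removes `setReadonly` without removing any call site. I would add a comment on the entry such as `// "ro" is security-relevant: nothing else forces /sys read-only, keep it when editing mounts`, and consider a load-time warning when a sysfs mount lacks `ro`. The `specCommand` literal starts and ends outside the hunk, so the options of the other default mounts could not be checked.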