Add cgroup mount in the recommended config

And allow cgroup mount take flags from user configs. As we show ro in the recommendation, so hard-coded read-only flag should be removed. Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2015-07-15 09:31:39 +08:00 · 2015-07-15 09:31:39 +08:00 · d7181a73e4
parent 31f23e4429
commit d7181a73e4
3 changed files with 13 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -111,6 +111,12 @@ user named `daemon` defined within that file-system.
            "source": "sysfs",
            "destination": "/sys",
            "options": "nosuid,noexec,nodev"
+        },
+        {
+            "type": "cgroup",
+            "source": "cgroup",
+            "destination": "/sys/fs/cgroup",
+            "options": "nosuid,noexec,nodev,relatime,ro"
        }
    ],
    "linux": {
--- a/libcontainer/rootfs_linux.go
+++ b/libcontainer/rootfs_linux.go
@ -184,7 +184,7 @@ func mountToRootfs(m *configs.Mount, rootfs, mountLabel string) error {
 				Device:      "bind",
 				Source:      filepath.Join(mm.Mountpoint, dir),
 				Destination: filepath.Join(m.Destination, strings.Join(mm.Subsystems, ",")),
-				Flags:       syscall.MS_BIND | syscall.MS_REC | syscall.MS_RDONLY,
+				Flags:       syscall.MS_BIND | syscall.MS_REC | m.Flags,
 			})
 		}
 		tmpfs := &configs.Mount{
--- a/spec.go
+++ b/spec.go
@ -83,6 +83,12 @@ var specCommand = cli.Command{
 						Destination: "/sys",
 						Options:     "nosuid,noexec,nodev",
 					},
+					{
+						Type:        "cgroup",
+						Source:      "cgroup",
+						Destination: "/sys/fs/cgroup",
+						Options:     "nosuid,noexec,nodev,relatime,ro",
+					},
 				},
 			},
 			Linux: specs.Linux{