We use cookies to ensure you get the best experience on our website
Página inicial Explorar Ajuda
Registrar Entrar
0ct0pu5
/
moby
1
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Ver código fonte

Change placement of readonly filesystem

We need to change it to read only at the very end so that bound,
copy dev nodes and other ops do not fail.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Michael Crosby 11 anos atrás
pai
83618c2b81
commit
2c58a1e288
1 arquivos alterados com 6 adições e 5 exclusões
Visão dividida Mostrar estatísticas do Diff
  1. 6 5
      pkg/libcontainer/nsinit/mount.go

+ 6 - 5
pkg/libcontainer/nsinit/mount.go
Ver arquivo 

@@ -31,11 +31,6 @@ func setupNewMountNamespace(rootfs string, bindMounts []libcontainer.Mount, cons
 
 	if err := system.Mount(rootfs, rootfs, "bind", syscall.MS_BIND|syscall.MS_REC, ""); err != nil {
 
 		return fmt.Errorf("mouting %s as bind %s", rootfs, err)
 
 	}
 
-	if readonly {
 
-		if err := system.Mount(rootfs, rootfs, "bind", syscall.MS_BIND|syscall.MS_REMOUNT|syscall.MS_RDONLY|syscall.MS_REC, ""); err != nil {
 
-			return fmt.Errorf("mounting %s as readonly %s", rootfs, err)
 
-		}
 
-	}
 
 	if err := mountSystem(rootfs); err != nil {
 
 		return fmt.Errorf("mount system %s", err)
 
 	}
 
@@ -81,6 +76,12 @@ func setupNewMountNamespace(rootfs string, bindMounts []libcontainer.Mount, cons
 
 		}
 
 	}
 
 
+	if readonly {
 
+		if err := system.Mount("/", "/", "bind", syscall.MS_BIND|syscall.MS_REMOUNT|syscall.MS_RDONLY|syscall.MS_REC, ""); err != nil {
 
+			return fmt.Errorf("mounting %s as readonly %s", rootfs, err)
 
+		}
 
+	}
 
+
 
 	system.Umask(0022)
 
 
 	return nil

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5