/dev/mqueue should never be mounted readonly
If the user specifies the --read-only flag, it should not affect /dev/mqueue. This is causing SELinux issues in docker-1.10. --read-only blows up on SELinux enabled machines. Mounting /dev/mqueue read-only would also blow up any tool that was going to use /dev/mqueue. Signed-off-by: Dan Walsh <dwalsh@redhat.com>
parent
e5a79c5d99
commit
adb2e3fedc
1 changed files with 1 additions and 1 deletions
|
@ -104,7 +104,7 @@ func (d *Driver) createContainer(c *execdriver.Command, hooks execdriver.Hooks)
|
||||||
if container.Readonlyfs {
|
if container.Readonlyfs {
|
||||||
for i := range container.Mounts {
|
for i := range container.Mounts {
|
||||||
switch container.Mounts[i].Destination {
|
switch container.Mounts[i].Destination {
|
||||||
case "/proc", "/dev", "/dev/pts":
|
case "/proc", "/dev", "/dev/pts", "/dev/mqueue":
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
container.Mounts[i].Flags |= syscall.MS_RDONLY
|
container.Mounts[i].Flags |= syscall.MS_RDONLY
|
||||||
|
|
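Review bot: The exemption in `case "/proc", "/dev", "/dev/pts", "/dev/mqueue":` is keyed on the destination path alone, so any mount whose destination is `/dev/mqueue` skips `MS_RDONLY`, not only the mqueue filesystem itself. Whether user-supplied mounts are already in `container.Mounts` at this point is not visible in the hunk; if they can be, the check should also confirm the mount type before the `continue`. The list also carries no comment saying why these paths stay writable under a read-only root; a line such as `// these mounts stay writable under --read-only: a read-only /dev/mqueue breaks SELinux-enabled hosts and tools that use message queues` would make the next addition to it a deliberate one. createContainer starts and ends outside the hunk.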