kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Mount RO for timer_stats and latency_stats in proc

Browse source 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This commit is contained in:
Michael Crosby 2015-04-20 13:54:49 -07:00 committed by Jessica Frazelle
parent 42c8c1b0b8
commit 27ae108b4e
2 changed files with 20 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
daemon/execdriver/native/template/default_template.go
View file

@ -88,8 +88,10 @@ func New() *configs.Config {
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/latency_stats",
"/proc/sys",
"/proc/sysrq-trigger",
"/proc/timer_stats",
},
}

18
integration-cli/docker_cli_run_test.go
View file

@ -3077,3 +3077,21 @@ func TestRunWriteToProcAsound(t *testing.T) {
}
logDone("run - ro write to /proc/asound")
}
func TestRunWriteToProcTimer(t *testing.T) {
defer deleteAllContainers()
code, err := runCommand(exec.Command(dockerBinary, "run", "busybox", "sh", "-c", "echo 1 >> /proc/timer_stats"))
if err == nil || code == 0 {
t.Fatal("standard container should not be able to write to /proc/timer_stats")
}
logDone("run - ro write to /proc/timer_stats")
}
func TestRunWriteToProcLatency(t *testing.T) {
defer deleteAllContainers()
code, err := runCommand(exec.Command(dockerBinary, "run", "busybox", "sh", "-c", "echo 1 >> /proc/latency_stats"))
if err == nil || code == 0 {
t.Fatal("standard container should not be able to write to /proc/latency_stats")
}
logDone("run - ro write to /proc/latency_stats")
}