Mount RO for timer_stats and latency_stats in proc

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-04-20 13:54:49 -07:00 · 2015-04-20 13:54:49 -07:00 · 27ae108b4e
parent 42c8c1b0b8
commit 27ae108b4e
2 changed files with 20 additions and 0 deletions
--- a/daemon/execdriver/native/template/default_template.go
+++ b/daemon/execdriver/native/template/default_template.go
@ -88,8 +88,10 @@ func New() *configs.Config {
 			"/proc/bus",
 			"/proc/fs",
 			"/proc/irq",
+			"/proc/latency_stats",
 			"/proc/sys",
 			"/proc/sysrq-trigger",
+			"/proc/timer_stats",
 		},
 	}

--- a/integration-cli/docker_cli_run_test.go
+++ b/integration-cli/docker_cli_run_test.go
@ -3077,3 +3077,21 @@ func TestRunWriteToProcAsound(t *testing.T) {
 	}
 	logDone("run - ro write to /proc/asound")
 }
+
+func TestRunWriteToProcTimer(t *testing.T) {
+	defer deleteAllContainers()
+	code, err := runCommand(exec.Command(dockerBinary, "run", "busybox", "sh", "-c", "echo 1 >> /proc/timer_stats"))
+	if err == nil || code == 0 {
+		t.Fatal("standard container should not be able to write to /proc/timer_stats")
+	}
+	logDone("run - ro write to /proc/timer_stats")
+}
+
+func TestRunWriteToProcLatency(t *testing.T) {
+	defer deleteAllContainers()
+	code, err := runCommand(exec.Command(dockerBinary, "run", "busybox", "sh", "-c", "echo 1 >> /proc/latency_stats"))
+	if err == nil || code == 0 {
+		t.Fatal("standard container should not be able to write to /proc/latency_stats")
+	}
+	logDone("run - ro write to /proc/latency_stats")
+}