kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Merge pull request #35344 from rhatdan/readonly-/dev

Browse source 
/dev should not be readonly with --readonly flag
This commit is contained in:
Sebastiaan van Stijn 2017-11-03 12:54:51 +01:00 committed by GitHub
commit 7d8affa3ef
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
daemon/oci_linux.go
View file

@ -628,7 +628,7 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c
if s.Root.Readonly { if s.Root.Readonly {
for i, m := range s.Mounts { for i, m := range s.Mounts {
switch m.Destination { switch m.Destination {
case "/proc", "/dev/pts", "/dev/mqueue": // /dev is remounted by runc case "/proc", "/dev/pts", "/dev/mqueue", "/dev":
continue continue
} }
if _, ok := userMounts[m.Destination]; !ok { if _, ok := userMounts[m.Destination]; !ok {

2
integration-cli/docker_cli_run_test.go
View file

@ -2729,7 +2729,7 @@ func (s *DockerSuite) TestRunContainerWithReadonlyRootfs(c *check.C) {
if root := os.Getenv("DOCKER_REMAP_ROOT"); root != "" { if root := os.Getenv("DOCKER_REMAP_ROOT"); root != "" {
testPriv = false testPriv = false
} }
testReadOnlyFile(c, testPriv, "/file", "/etc/hosts", "/etc/resolv.conf", "/etc/hostname", "/sys/kernel", "/dev/.dont.touch.me") testReadOnlyFile(c, testPriv, "/file", "/etc/hosts", "/etc/resolv.conf", "/etc/hostname", "/sys/kernel")
} }
func (s *DockerSuite) TestPermissionsPtsReadonlyRootfs(c *check.C) { func (s *DockerSuite) TestPermissionsPtsReadonlyRootfs(c *check.C) {