kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Always make sysfs read-write with privileged

Browse source 
It does not make any sense to vary this based on whether the
rootfs is read only. We removed all the other mount dependencies
on read-only eg see #35344.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This commit is contained in:
Justin Cormack 2018-04-06 14:01:38 +01:00
parent 8a9e1808cf
commit a729853bc7
No known key found for this signature in database
GPG key ID: 609102888A2EE3F9
2 changed files with 5 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
daemon/oci_linux.go
View file

@ -685,14 +685,12 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c
} }
if c.HostConfig.Privileged { if c.HostConfig.Privileged {
if !s.Root.Readonly {
// clear readonly for /sys // clear readonly for /sys
for i := range s.Mounts { for i := range s.Mounts {
if s.Mounts[i].Destination == "/sys" { if s.Mounts[i].Destination == "/sys" {
clearReadOnly(&s.Mounts[i]) clearReadOnly(&s.Mounts[i])
} }
} }
}
s.Linux.ReadonlyPaths = nil s.Linux.ReadonlyPaths = nil
s.Linux.MaskedPaths = nil s.Linux.MaskedPaths = nil
} }

2
integration-cli/docker_cli_run_test.go
View file

@ -2688,7 +2688,7 @@ func (s *DockerSuite) TestRunContainerWithReadonlyRootfs(c *check.C) {
if root := os.Getenv("DOCKER_REMAP_ROOT"); root != "" { if root := os.Getenv("DOCKER_REMAP_ROOT"); root != "" {
testPriv = false testPriv = false
} }
testReadOnlyFile(c, testPriv, "/file", "/etc/hosts", "/etc/resolv.conf", "/etc/hostname", "/sys/kernel") testReadOnlyFile(c, testPriv, "/file", "/etc/hosts", "/etc/resolv.conf", "/etc/hostname")
} }
func (s *DockerSuite) TestPermissionsPtsReadonlyRootfs(c *check.C) { func (s *DockerSuite) TestPermissionsPtsReadonlyRootfs(c *check.C) {