1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

/dev/mqueue should never be mounted readonly

If user specifies --read-only flag it should not effect /dev/mqueue.
This is causing SELinux issues in docker-1.10.  --read-only blows up
on SELinux enabled machines.  Mounting /dev/mqueue read/only would also
blow up any tool that was going to use /dev/mqueue.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
This commit is contained in:
Dan Walsh 2016-02-15 14:52:10 -05:00
parent e5a79c5d99
commit adb2e3fedc

View file

@ -104,7 +104,7 @@ func (d *Driver) createContainer(c *execdriver.Command, hooks execdriver.Hooks)
if container.Readonlyfs {
for i := range container.Mounts {
switch container.Mounts[i].Destination {
case "/proc", "/dev", "/dev/pts":
case "/proc", "/dev", "/dev/pts", "/dev/mqueue":
continue
}
container.Mounts[i].Flags |= syscall.MS_RDONLY