mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

daemon/setMounts(): do not make /dev/shm ro

It has been pointed out that if --read-only flag is given, /dev/shm
also becomes read-only in case of --ipc private.

This happens because in this case the mount comes from OCI spec
(since commit 7120976d74), and is a regression caused by that
commit.

The meaning of --read-only flag is to only have a "main" container
filesystem read-only, not the auxiliary stuff (that includes /dev/shm,
other mounts and volumes, --tmpfs, /proc, /dev and so on).

So, let's make sure /dev/shm that comes from OCI spec is not made
read-only.

Fixes: 7120976d74 ("Implement none, private, and shareable ipc modes")

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Kir Kolyshkin 2018-03-07 20:14:16 -08:00
parent 33dd562e3a
commit cad74056c0

@ -667,7 +667,7 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c
if s.Root.Readonly { if s.Root.Readonly {
for i, m := range s.Mounts { for i, m := range s.Mounts {
switch m.Destination { switch m.Destination {
case "/proc", "/dev/pts", "/dev/mqueue", "/dev": case "/proc", "/dev/pts", "/dev/shm", "/dev/mqueue", "/dev":
continue continue
} }
if _, ok := userMounts[m.Destination]; !ok { if _, ok := userMounts[m.Destination]; !ok {
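Review bot: the case list in the switch on m.Destination now exempts "/dev/shm" by literal path, but nothing in the hunk says why these destinations are skipped when s.Root.Readonly is set. A short comment above the case, stating that the read-only flag applies to the container root filesystem and not to spec-provided auxiliary mounts, would make it harder for the next default mount added to the OCI spec to repeat this regression. The hunk also carries no test: a regression test that starts a container with --read-only and --ipc private and checks that /dev/shm is still writable would pin the behaviour down.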