runtime: virtcontainers: make rootfs image read-only

Improve security by making the rootfs image read-only, so that nobody
will be able to modify it from the guest.

fixes #1916

Signed-off-by: Julio Montes <julio.montes@intel.com>
Julio Montes 2021-07-22 09:57:23 -05:00
parent 070590fb53
commit 2859600a6f
2 changed files with 2 additions and 0 deletions


@ -138,6 +138,7 @@ func TestQemuAmd64AppendImage(t *testing.T) {
ID: "mem0", ID: "mem0",
MemPath: f.Name(), MemPath: f.Name(),
Size: (uint64)(imageStat.Size()), Size: (uint64)(imageStat.Size()),
ReadOnly: true,
}, },
} }


@ -406,6 +406,7 @@ func (q *qemuArchBase) appendNvdimmImage(devices []govmmQemu.Device, path string
ID: "mem0", ID: "mem0",
MemPath: path, MemPath: path,
Size: (uint64)(imageStat.Size()), Size: (uint64)(imageStat.Size()),
ReadOnly: true,
} }
devices = append(devices, object) devices = append(devices, object)
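Review bot: The new `ReadOnly: true` field on the object built in appendNvdimmImage has no comment stating the security intent or what enforces it, so a later refactor could drop it unnoticed. I would add `// Map the rootfs image read-only so a compromised guest cannot alter the host-side image file.` directly above the field. Whether the guest is actually blocked depends on how govmmQemu turns this field into QEMU options and on the QEMU build honouring them, neither of which is visible here, so that dependency is worth confirming and recording in the same comment. This hunk covers only the NVDIMM path; if the image can also be attached through another device type, that path presumably needs the same setting. The body of appendNvdimmImage starts and ends outside the hunk.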