github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-06-30 09:13:29 +00:00
Code Issues Projects Releases Wiki Activity

firecracker: Setup rootfs to be RO

Browse Source 
Setup rootfs to be RO both from the VMM point of view and the
VM point of view.

Fixes: #1632

Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
This commit is contained in:
Manohar Castelino 2019-05-07 15:03:28 -07:00
parent 9a27ac29bc
commit 5e9cb48b8f
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
virtcontainers/fc.go
View File

@ -57,6 +57,8 @@ const (
var fcKernelParams = []Param{ var fcKernelParams = []Param{
// The boot source is the first partition of the first block device added // The boot source is the first partition of the first block device added
{"root", "/dev/vda1"}, {"root", "/dev/vda1"},
{"rootflags", "data=ordered,errors=remount-ro ro"},
{"rootfstype", "ext4"},
{"pci", "off"}, {"pci", "off"},
{"reboot", "k"}, {"reboot", "k"},
{"panic", "1"}, {"panic", "1"},
@ -299,7 +301,7 @@ func (fc *firecracker) fcSetVMRootfs(path string) error {
driveID := "rootfs" driveID := "rootfs"
driveParams := ops.NewPutGuestDriveByIDParams() driveParams := ops.NewPutGuestDriveByIDParams()
driveParams.SetDriveID(driveID) driveParams.SetDriveID(driveID)
isReadOnly := false isReadOnly := true
//Add it as a regular block device //Add it as a regular block device
//This allows us to use a paritioned root block device //This allows us to use a paritioned root block device
isRootDevice := false isRootDevice := false