github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-06-30 17:22:33 +00:00
Code Issues Projects Releases Wiki Activity

virtcontainers: improve security and mount the rootfs as read-only fs

Browse Source 
Mounting the rootfs as read-only fs the binaries can't be modified.

fixes #1389

Signed-off-by: Julio Montes <julio.montes@intel.com>
This commit is contained in:
Julio Montes 2019-03-19 16:42:18 -06:00
parent 8e72cf15e6
commit 64984667ad
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
virtcontainers/qemu_amd64.go
View File

@ -32,7 +32,7 @@ var qemuPaths = map[string]string{
var kernelRootParams = []Param{ var kernelRootParams = []Param{
{"root", "/dev/pmem0p1"}, {"root", "/dev/pmem0p1"},
{"rootflags", "dax,data=ordered,errors=remount-ro rw"}, {"rootflags", "dax,data=ordered,errors=remount-ro ro"},
{"rootfstype", "ext4"}, {"rootfstype", "ext4"},
} }