Merge pull request #1390 from devimc/topic/roFS

virtcontainers: improve security and mount the rootfs as read-only fs
Graham Whaley 2019-03-21 09:33:04 +00:00 committed by GitHub
commit c70ba4844f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 1 deletions


@ -93,6 +93,11 @@ var noTraceKernelParam = []vc.Param{
Key: "systemd.mask",
Value: "tmp.mount",
},
// No random seed
{
Key: "systemd.mask",
Value: "systemd-random-seed.service",
},
}
func getKernelParams(needSystemd, trace bool) []vc.Param {
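Review bot: The comment `// No random seed` on the new `systemd.mask` entry says what is masked but not why, and the reason matters to anyone auditing guest entropy. Judging by the commit title, the service is masked because it cannot save its seed file once the rootfs is read-only; a comment such as `// rootfs is read-only, so systemd-random-seed.service cannot persist a seed; mask it` would record that. The entry is added to `noTraceKernelParam`, so if `getKernelParams` omits this list when `trace` is true, the service would presumably still start against the read-only rootfs in tracing mode. The body of `getKernelParams` is outside the hunk, so that path should be checked.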


@ -32,7 +32,7 @@ var qemuPaths = map[string]string{
var kernelRootParams = []Param{
{"root", "/dev/pmem0p1"},
{"rootflags", "dax,data=ordered,errors=remount-ro rw"},
{"rootflags", "dax,data=ordered,errors=remount-ro ro"},
{"rootfstype", "ext4"},
}
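Review bot: The read-only mount relies on the trailing ` ro` inside the `rootflags` value being emitted as a separate kernel command-line token, and nothing on this line explains or enforces that. If the code that serializes `Param` values ever quotes them, or if parameters appended later contain `rw`, the rootfs would presumably come up writable again without any error. The serialization code is not visible in this hunk. I would add a comment such as `// trailing "ro" is a separate kernel argument, not an ext4 mount option`, plus a unit test asserting that the generated command line contains a standalone `ro` and no `rw`.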