Merge pull request #1390 from devimc/topic/roFS
virtcontainers: improve security and mount the rootfs as read-only fs
commit
c70ba4844f
@ -93,6 +93,11 @@ var noTraceKernelParam = []vc.Param{
|
||||
Key: "systemd.mask",
|
||||
Value: "tmp.mount",
|
||||
},
|
||||
// No random seed
|
||||
{
|
||||
Key: "systemd.mask",
|
||||
Value: "systemd-random-seed.service",
|
||||
},
|
||||
}
|
||||
|
||||
func getKernelParams(needSystemd, trace bool) []vc.Param {
|
||||
|
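Review bot: The comment `// No random seed` on the new `systemd.mask` entry says what is masked but not why, and the reason matters for security. Presumably `systemd-random-seed.service` is masked because it cannot write its seed file once the rootfs is read-only; if so, the comment should say it, e.g. `// rootfs is read-only, so systemd-random-seed.service cannot persist a seed; mask it`. With the service masked the guest no longer loads a saved seed at boot, so it is worth confirming that the guest has another entropy source (for example a virtio-rng device) before anything generates keys early in boot. The slice literal this entry belongs to starts outside the hunk.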
@ -32,7 +32,7 @@ var qemuPaths = map[string]string{
|
||||
|
||||
var kernelRootParams = []Param{
|
||||
{"root", "/dev/pmem0p1"},
|
||||
{"rootflags", "dax,data=ordered,errors=remount-ro rw"},
|
||||
{"rootflags", "dax,data=ordered,errors=remount-ro ro"},
|
||||
{"rootfstype", "ext4"},
|
||||
}
|
||||
|
||||
|
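Review bot: In `kernelRootParams` the new value `"dax,data=ordered,errors=remount-ro ro"` carries `ro` inside the `rootflags` string, although `ro` is a standalone kernel parameter rather than an ext4 mount option. It presumably works only because the parameters are joined with spaces when the command line is built. A comment such as `// trailing " ro" is the kernel's read-only root parameter, not a rootflags option` would stop a later edit from turning the space into a comma and silently dropping the hardening. A separate entry like `{"ro", ""}` would be clearer, provided the serializer emits a bare key for an empty value. As far as I know the kernel honours the last `ro`/`rw` it parses, so a test asserting that the final command line contains `ro` and no later `rw` would protect this change.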