github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-27 20:18:57 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #1390 from devimc/topic/roFS

Browse Source 
virtcontainers: improve security and mount the rootfs as read-only fs
This commit is contained in:
Graham Whaley 2019-03-21 09:33:04 +00:00 committed by GitHub
commit c70ba4844f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/katautils/create.go
View File

@ -93,6 +93,11 @@ var noTraceKernelParam = []vc.Param{
Key: "systemd.mask", Key: "systemd.mask",
Value: "tmp.mount", Value: "tmp.mount",
}, },
// No random seed
{
Key: "systemd.mask",
Value: "systemd-random-seed.service",
},
} }
func getKernelParams(needSystemd, trace bool) []vc.Param { func getKernelParams(needSystemd, trace bool) []vc.Param {

2
virtcontainers/qemu_amd64.go
View File

@ -32,7 +32,7 @@ var qemuPaths = map[string]string{
var kernelRootParams = []Param{ var kernelRootParams = []Param{
{"root", "/dev/pmem0p1"}, {"root", "/dev/pmem0p1"},
{"rootflags", "dax,data=ordered,errors=remount-ro rw"}, {"rootflags", "dax,data=ordered,errors=remount-ro ro"},
{"rootfstype", "ext4"}, {"rootfstype", "ext4"},
} }