github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-21 10:51:05 +00:00
Code Issues Projects Releases Wiki Activity

runtime: virtcontainers: make rootfs image read-only

Browse Source 
Improve security by making rootfs image read-only, nobody
will be able to modify it from the guest.

fixes #1916

Signed-off-by: Julio Montes <julio.montes@intel.com>
This commit is contained in:
Julio Montes 2021-07-22 09:57:23 -05:00 committed by Snir Sheriber
parent 6456cb282b
commit d3bab50496
2 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/runtime/virtcontainers/qemu_amd64_test.go
View File

@ -153,6 +153,7 @@ func TestQemuAmd64AppendImage(t *testing.T) {
ID: "mem0", ID: "mem0",
MemPath: f.Name(), MemPath: f.Name(),
Size: (uint64)(imageStat.Size()), Size: (uint64)(imageStat.Size()),
ReadOnly: true,
}, },
} }

1
src/runtime/virtcontainers/qemu_arch_base.go
View File

@ -378,6 +378,7 @@ func (q *qemuArchBase) appendNvdimmImage(devices []govmmQemu.Device, path string
ID: "mem0", ID: "mem0",
MemPath: path, MemPath: path,
Size: (uint64)(imageStat.Size()), Size: (uint64)(imageStat.Size()),
ReadOnly: true,
} }
devices = append(devices, object) devices = append(devices, object)