Revert "runc: don't mount /dev with ro"

This reverts commit 380f36cc1a. Now that runc includes a fix for this, this patch can be reverted Signed-off-by: Frédéric Dalleau <frederic.dalleau@docker.com>
2025-07-20 17:49:10 +00:00 · 2021-12-13 16:21:09 +01:00 · 2021-12-13 16:21:09 +01:00 · 36853c74ef
commit 36853c74ef
parent be43e99310
1 changed files with 3 additions and 0 deletions
--- a/src/cmd/linuxkit/moby/config.go
+++ b/src/cmd/linuxkit/moby/config.go
@ -747,6 +747,9 @@ func ConfigToOCI(yaml *Image, config imagespec.ImageConfig, idMap map[string]uin
 	// default options match what Docker does
 	procOptions := []string{"nosuid", "nodev", "noexec", "relatime"}
 	devOptions := []string{"nosuid", "strictatime", "mode=755", "size=65536k"}
+	if readonly {
+		devOptions = append(devOptions, "ro")
+	}
 	ptsOptions := []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620"}
 	sysOptions := []string{"nosuid", "noexec", "nodev"}
 	if readonly {