github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-07-19 09:16:29 +00:00
Code Issues Projects Releases Wiki Activity

runc: don't mount /dev with ro

Browse Source 
After runc 1.0.0-rc92 mounting /dev with ro will fail to start the
container with an error trying to `mkdir /dev/...` (for example
`/dev/pts`). This can be observed following the runc example

Comparing our `config.json` with the working one generated by
`runc spec`, both have a readonly rootfs (good) but the `runc spec`
one does not set `ro` in the `/dev` mount options.

This patch fixes readonly onboot containers by removing the "ro"
option from `/dev`, to match the `runc spec` example.

Signed-off-by: David Scott <dave@recoil.org>
This commit is contained in:
David Scott 2021-10-18 08:08:08 +01:00
parent 0cfaa9ce65
commit 380f36cc1a
1 changed files with 0 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/cmd/linuxkit/moby/config.go
View File

@ -747,9 +747,6 @@ func ConfigToOCI(yaml *Image, config imagespec.ImageConfig, idMap map[string]uin
// default options match what Docker does
procOptions := []string{"nosuid", "nodev", "noexec", "relatime"}
devOptions := []string{"nosuid", "strictatime", "mode=755", "size=65536k"}
if readonly {
devOptions = append(devOptions, "ro")
}
ptsOptions := []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620"}
sysOptions := []string{"nosuid", "noexec", "nodev"}
if readonly {