From 380f36cc1a20f76a164ba1d6e3218e9c1c7c6aec Mon Sep 17 00:00:00 2001
From: David Scott
Date: Mon, 18 Oct 2021 08:08:08 +0100
Subject: [PATCH] runc: don't mount /dev with ro
After runc 1.0.0-rc92 mounting /dev with ro will fail to start the container with an error trying to `mkdir /dev/...` (for example `/dev/pts`). This can be observed following the runc example Comparing our `config.json` with the working one generated by `runc spec`, both have a readonly rootfs (good) but the `runc spec` one does not set `ro` in the `/dev` mount options. This patch fixes readonly onboot containers by removing the "ro" option from `/dev`, to match the `runc spec` example.
Signed-off-by: David Scott
---
 src/cmd/linuxkit/moby/config.go | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/src/cmd/linuxkit/moby/config.go b/src/cmd/linuxkit/moby/config.go
index d54243825..ead81f91e 100644
--- a/src/cmd/linuxkit/moby/config.go
+++ b/src/cmd/linuxkit/moby/config.go
@@ -747,9 +747,6 @@ func ConfigToOCI(yaml *Image, config imagespec.ImageConfig, idMap map[string]uin
 // default options match what Docker does
 procOptions := []string{"nosuid", "nodev", "noexec", "relatime"}
 devOptions := []string{"nosuid", "strictatime", "mode=755", "size=65536k"}
- if readonly {
- devOptions = append(devOptions, "ro")
- }
 ptsOptions := []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620"}
 sysOptions := []string{"nosuid", "noexec", "nodev"}
 if readonly {