Remount rootfs as read-only after init, /var and /containers mounted as

read-write Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2025-09-13 05:39:23 +00:00 · 2017-03-13 18:00:57 +00:00
parent 485452d9bd
commit 8ba64546eb
9 changed files with 18 additions and 9 deletions
--- a/pkg/init/etc/init.d/rcS
+++ b/pkg/init/etc/init.d/rcS
@@ -105,4 +105,13 @@ ip link set lo up
 # for containerising dhcpcd and other containers that need writable etc
 mkdir /tmp/etc
 mv /etc/resolv.conf /tmp/etc/resolv.conf
-ln -snf /tmp/etc/resolv.conf /etc/resolv.conf
+ln -snf /tmp/etc/resolv.conf /etc/resolv.conf
+
+# remount rootfs as readonly
+mount -o remount,ro /
+
+# bind and remount containers and var as read-write
+mount -o bind /containers /containers
+mount -o bind /var /var
+mount -o remount,rw,relatime /containers /containers
+mount -o remount,rw,nodev,nosuid,relatime /var /var