Merge pull request #1298 from riyazdf/readonly-rootfs

Remount rootfs as read-only after init, /var and /containers mounted as rw

examples/docker.yml

@@ -1,7 +1,7 @@
 kernel:
   image: "mobylinux/kernel:4.9.x"
   cmdline: "console=ttyS0 console=tty0 page_poison=1"
-init: "mobylinux/init:c0007f0cdf1ef821a981fcc676e3f1c2dd9ab5b1"
+init: "mobylinux/init:0b2b3811f6397c4367a4480a53837d41a8d7b3a9"
 system:
   - name: sysctl
     image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c"

examples/gcp.yml

@@ -1,7 +1,7 @@
 kernel:
   image: "mobylinux/kernel:4.9.x"
   cmdline: "console=ttyS0 page_poison=1"
-init: "mobylinux/init:c0007f0cdf1ef821a981fcc676e3f1c2dd9ab5b1"
+init: "mobylinux/init:0b2b3811f6397c4367a4480a53837d41a8d7b3a9"
 system:
   - name: sysctl
     image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c"

examples/sshd.yml

@@ -1,7 +1,7 @@
 kernel:
   image: "mobylinux/kernel:4.9.x"
   cmdline: "console=ttyS0 page_poison=1"
-init: "mobylinux/init:c0007f0cdf1ef821a981fcc676e3f1c2dd9ab5b1"
+init: "mobylinux/init:0b2b3811f6397c4367a4480a53837d41a8d7b3a9"
 system:
   - name: sysctl
     image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c"

examples/vmware.yml

@@ -1,7 +1,7 @@
 kernel:
   image: "mobylinux/kernel:4.9.x"
   cmdline: "console=tty0 page_poison=1"
-init: "mobylinux/init:c0007f0cdf1ef821a981fcc676e3f1c2dd9ab5b1"
+init: "mobylinux/init:0b2b3811f6397c4367a4480a53837d41a8d7b3a9"
 system:
   - name: sysctl
     image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c"

moby.yml

@@ -1,7 +1,7 @@
 kernel:
   image: "mobylinux/kernel:4.9.x"
   cmdline: "console=ttyS0 console=tty0 page_poison=1"
-init: "mobylinux/init:c0007f0cdf1ef821a981fcc676e3f1c2dd9ab5b1"
+init: "mobylinux/init:0b2b3811f6397c4367a4480a53837d41a8d7b3a9"
 system:
   - name: sysctl
     image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c"

pkg/init/etc/init.d/rcS

@@ -105,4 +105,13 @@ ip link set lo up
 # for containerising dhcpcd and other containers that need writable etc
 mkdir /tmp/etc
 mv /etc/resolv.conf /tmp/etc/resolv.conf
-ln -snf /tmp/etc/resolv.conf /etc/resolv.conf
+ln -snf /tmp/etc/resolv.conf /etc/resolv.conf
+
+# remount rootfs as readonly
+mount -o remount,ro /
+
+# bind and remount containers and var as read-write
+mount -o bind /containers /containers
+mount -o bind /var /var
+mount -o remount,rw,relatime /containers /containers
+mount -o remount,rw,nodev,nosuid,relatime /var /var

test/ltp/test-ltp.yml

@@ -1,7 +1,7 @@
 kernel:
   image: "mobylinux/kernel:4.9.x"
   cmdline: "console=ttyS0"
-init: "mobylinux/init:c0007f0cdf1ef821a981fcc676e3f1c2dd9ab5b1"
+init: "mobylinux/init:0b2b3811f6397c4367a4480a53837d41a8d7b3a9"
 system:
   - name: ltp
     image: "mobylinux/test-ltp-20170116:fdca2d1bb019b1d51e722e6032c82c7933d4b870"

test/test.yml

@@ -1,7 +1,7 @@
 kernel:
   image: "mobylinux/kernel:4.9.x"
   cmdline: "console=ttyS0"
-init: "mobylinux/init:c0007f0cdf1ef821a981fcc676e3f1c2dd9ab5b1"
+init: "mobylinux/init:0b2b3811f6397c4367a4480a53837d41a8d7b3a9"
 system:
   - name: binfmt
     image: "mobylinux/binfmt:bdb754f25a5d851b4f5f8d185a43dfcbb3c22d01"

test/virtsock/test-virtsock-server.yml

@@ -5,7 +5,7 @@ kernel:
   # image: "mobylinux/kernel:4.9.14-0"
   image: "mobylinux/kernel:4.9.x"
   cmdline: "console=ttyS0 page_poison=1"
-init: "mobylinux/init:c0007f0cdf1ef821a981fcc676e3f1c2dd9ab5b1"
+init: "mobylinux/init:0b2b3811f6397c4367a4480a53837d41a8d7b3a9"
 system:
   - name: sysctl
     image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c"