Skip to content

Commit

Permalink
fix readonlyPath as well
Browse files Browse the repository at this point in the history 
readonlyPath's first MS_BIND might inherit some lockable flags, so in a
user ns, we need to make sure to pass these flags back to the MS_REMOUNT.

Signed-off-by: Tycho Andersen <tycho@docker.com>
  • Loading branch information
Tycho Andersen committed Aug 25, 2017
1 parent 66eb2a3 commit b8136d3
Showing 1 changed file with 9 additions and 1 deletion.
10 changes: 9 additions & 1 deletion libcontainer/rootfs_linux.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -723,7 +723,15 @@ func readonlyPath(path string) error {
}
return err
}
return unix.Mount(path, path, "", unix.MS_BIND|unix.MS_REMOUNT|unix.MS_RDONLY|unix.MS_REC, "")

statfs := unix.Statfs_t{}
if err := unix.Statfs(path, &statfs); err != nil {
return err
}

flags := statfs.Flags | unix.MS_BIND | unix.MS_REMOUNT | unix.MS_RDONLY | unix.MS_REC

return unix.Mount(path, path, "", uintptr(flags), "")
}

// remountReadonly will remount an existing mount point and ensure that it is read-only.
Expand Down

0 comments on commit b8136d3

Please sign in to comment.