Always mount sysfs as rw.

Signed-off-by: Lantao Liu <lantaol@google.com>
2018-04-26 18:48:10 -07:00 · 2018-04-26 18:48:10 -07:00 · 279fa853a6
commit 279fa853a6
parent 8fec0469d9
2 changed files with 1 additions and 9 deletions
--- a/pkg/server/container_create.go
+++ b/pkg/server/container_create.go
@ -662,7 +662,7 @@ func setOCIBindMountsPrivileged(g *generate.Generator) {
 	spec := g.Spec()
 	// clear readonly for /sys and cgroup
 	for i, m := range spec.Mounts {
-		if spec.Mounts[i].Destination == "/sys" && !spec.Root.Readonly {
+		if spec.Mounts[i].Destination == "/sys" {
 			clearReadOnly(&spec.Mounts[i])
 		}
 		if m.Type == "cgroup" {
--- a/pkg/server/container_create_test.go
+++ b/pkg/server/container_create_test.go
@ -605,7 +605,6 @@ func TestGenerateContainerMounts(t *testing.T) {
 func TestPrivilegedBindMount(t *testing.T) {
 	for desc, test := range map[string]struct {
 		privileged         bool
-		readonlyRootFS     bool
 		expectedSysFSRO    bool
 		expectedCgroupFSRO bool
 	}{
@ -618,16 +617,9 @@ func TestPrivilegedBindMount(t *testing.T) {
 			expectedSysFSRO:    false,
 			expectedCgroupFSRO: false,
 		},
-		"sysfs should mount as 'ro' if root filrsystem is readonly": {
-			privileged:         true,
-			readonlyRootFS:     true,
-			expectedSysFSRO:    true,
-			expectedCgroupFSRO: false,
-		},
 	} {
 		t.Logf("TestCase %q", desc)
 		g := generate.New()
-		g.SetRootReadonly(test.readonlyRootFS)
 		c := newTestCRIService()
 		c.addOCIBindMounts(&g, nil, "")
 		if test.privileged {