github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request #70 from Random-Liu/mount-cgroup

Browse Source 
Mount cgroup into the container and add unit test for privileged mount.
This commit is contained in:
Lantao Liu
2017-06-12 14:14:07 -07:00
committed by GitHub
parent 9b1708b408 ffa4ffe3bf
commit 479e8c3045
2 changed files with 67 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/server/container_start.go
View File

@@ -427,6 +427,8 @@ func addOCIDevices(g *generate.Generator, devs []*runtime.Device, privileged boo
// TODO(random-liu): Figure out whether we need to change all CRI mounts to readonly when
// rootfs is readonly. (https://github.com/moby/moby/blob/master/daemon/oci_linux.go)
func addOCIBindMounts(g *generate.Generator, mounts []*runtime.Mount, privileged bool) {
// Mount cgroup into the container as readonly, which inherits docker's behavior.
g.AddCgroupsMount("ro") // nolint: errcheck
for _, mount := range mounts {
dst := mount.GetContainerPath()
src := mount.GetHostPath()