github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request #398 from justincormack/remove-comment-read-only

Browse Source 
Remove comment about whether other paths should be read only with root
This commit is contained in:
Lantao Liu 2017-11-06 10:31:49 -08:00 committed by GitHub
commit 7c4c80befb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 0 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/server/container_create.go
View File

@ -554,8 +554,6 @@ func setOCIDevicesPrivileged(g *generate.Generator) error {
}
// addOCIBindMounts adds bind mounts.
// TODO(random-liu): Figure out whether we need to change all CRI mounts to readonly when
// rootfs is readonly. (https://github.com/moby/moby/blob/master/daemon/oci_linux.go)
func (c *criContainerdService) addOCIBindMounts(g *generate.Generator, mounts []*runtime.Mount, mountLabel string) error {
// Mount cgroup into the container as readonly, which inherits docker's behavior.
g.AddCgroupsMount("ro") // nolint: errcheck