From 6f97764171c03d59614db87df5ae1f1da420853a Mon Sep 17 00:00:00 2001
From: Lantao Liu <lantaol@google.com>
Date: Mon, 6 Nov 2017 20:54:50 +0000
Subject: [PATCH] Add comment for #398.

Signed-off-by: Lantao Liu <lantaol@google.com>
---
 pkg/server/container_create.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/server/container_create.go b/pkg/server/container_create.go
index 523f4fbbf..14a2bcf72 100644
--- a/pkg/server/container_create.go
+++ b/pkg/server/container_create.go
@@ -603,6 +603,8 @@ func (c *criContainerdService) addOCIBindMounts(g *generate.Generator, mounts []
 			options = append(options, "rprivate")
 		}
 
+		// NOTE(random-liu): we don't change all mounts to `ro` when root filesystem
+		// is readonly. This is different from docker's behavior, but make more sense.
 		if mount.GetReadonly() {
 			options = append(options, "ro")
 		} else {