/dev should not be readonly with --readonly flag
Sebastiaan van Stijn authored on 2017/11/03 20:54:51... | ... |
@@ -628,7 +628,7 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c |
628 | 628 |
if s.Root.Readonly { |
629 | 629 |
for i, m := range s.Mounts { |
630 | 630 |
switch m.Destination { |
631 |
- case "/proc", "/dev/pts", "/dev/mqueue": // /dev is remounted by runc |
|
631 |
+ case "/proc", "/dev/pts", "/dev/mqueue", "/dev": |
|
632 | 632 |
continue |
633 | 633 |
} |
634 | 634 |
if _, ok := userMounts[m.Destination]; !ok { |
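Review bot: The new case at line 631 exempts `/dev` from the read-only pass, but the old trailing comment was removed and nothing now explains why these four destinations stay writable when `s.Root.Readonly` is set. This is a deliberate exception to a hardening flag, so I would put a comment above the case, for example `// these mounts stay writable even when the rootfs is read-only (--read-only)`. The `continue` runs before the `userMounts` lookup, so the exemption applies whether or not the user supplied the mount. The options on the default `/dev` mount are not visible in this hunk; confirm it carries restrictive flags such as `nosuid` and `noexec`, since it becomes a writable location in an otherwise read-only container. `setMounts` starts and ends outside the hunk.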
... | ... |
@@ -2729,7 +2729,7 @@ func (s *DockerSuite) TestRunContainerWithReadonlyRootfs(c *check.C) { |
2729 | 2729 |
if root := os.Getenv("DOCKER_REMAP_ROOT"); root != "" { |
2730 | 2730 |
testPriv = false |
2731 | 2731 |
} |
2732 |
- testReadOnlyFile(c, testPriv, "/file", "/etc/hosts", "/etc/resolv.conf", "/etc/hostname", "/sys/kernel", "/dev/.dont.touch.me") |
|
2732 |
+ testReadOnlyFile(c, testPriv, "/file", "/etc/hosts", "/etc/resolv.conf", "/etc/hostname", "/sys/kernel") |
|
2733 | 2733 |
} |
2734 | 2734 |
|
2735 | 2735 |
func (s *DockerSuite) TestPermissionsPtsReadonlyRootfs(c *check.C) { |
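Review bot: Dropping `/dev/.dont.touch.me` from the `testReadOnlyFile` call at line 2732 removes the old expectation, but nothing in this hunk asserts the new one: that a write under `/dev` succeeds with a read-only rootfs. Without a positive case, a later change that makes `/dev` read-only again would pass this test unnoticed. I would add a check equivalent to `docker run --read-only busybox touch /dev/<file>` that expects exit status 0, either here or in a neighbouring test. `TestRunContainerWithReadonlyRootfs` begins outside the hunk, so an existing assertion earlier in the function may already cover this.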