Browse code
Remove cgroup read-only flag when privileged
Fixes: #14543
It needs libcontainer fix from:
https://github.com/opencontainers/runc/pull/91
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Qiang Huang authored on 2015/07/14 16:00:41Showing 1 changed files
| ... | ... |
@@ -48,6 +48,13 @@ func (d *driver) createContainer(c *execdriver.Command) (*configs.Config, error) |
| 48 | 48 |
container.ReadonlyPaths = nil |
| 49 | 49 |
} |
| 50 | 50 |
|
| 51 |
+ // clear readonly for cgroup |
|
| 52 |
+ for i := range container.Mounts {
|
|
| 53 |
+ if container.Mounts[i].Device == "cgroup" {
|
|
| 54 |
+ container.Mounts[i].Flags &= ^syscall.MS_RDONLY |
|
| 55 |
+ } |
|
| 56 |
+ } |
|
| 57 |
+ |
|
| 51 | 58 |
container.MaskPaths = nil |
| 52 | 59 |
if err := d.setPrivileged(container); err != nil {
|
| 53 | 60 |
return nil, err |