Browse code
/dev/mqueue should never be mounted readonly
If user specifies --read-only flag it should not effect /dev/mqueue.
This is causing SELinux issues in docker-1.10. --read-only blows up
on SELinux enabled machines. Mounting /dev/mqueue read/only would also
blow up any tool that was going to use /dev/mqueue.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Dan Walsh authored on 2016/02/16 04:52:10Showing 1 changed files
| ... | ... |
@@ -104,7 +104,7 @@ func (d *Driver) createContainer(c *execdriver.Command, hooks execdriver.Hooks) |
| 104 | 104 |
if container.Readonlyfs {
|
| 105 | 105 |
for i := range container.Mounts {
|
| 106 | 106 |
switch container.Mounts[i].Destination {
|
| 107 |
- case "/proc", "/dev", "/dev/pts": |
|
| 107 |
+ case "/proc", "/dev", "/dev/pts", "/dev/mqueue": |
|
| 108 | 108 |
continue |
| 109 | 109 |
} |
| 110 | 110 |
container.Mounts[i].Flags |= syscall.MS_RDONLY |