vbatts/pkg
1
0
Fork 0
Code Pull requests Releases Activity

Add restrictions to proc in libcontainer

Browse source 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This commit is contained in:
Michael Crosby 2014-04-10 23:03:52 +00:00
parent b5434b5d7f
commit 3d546f20db
3 changed files with 86 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

2
libcontainer/nsinit/init.go
View file

@ -61,7 +61,7 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol
label.Init()
ns.logger.Println("setup mount namespace")
if err := setupNewMountNamespace(rootfs, container.Mounts, console, container.ReadonlyFs, container.NoPivotRoot, container.Context["mount_label"]); err != nil {
if err := setupNewMountNamespace(rootfs, console, container); err != nil {
return fmt.Errorf("setup mount namespace %s", err)
}
if err := system.Sethostname(container.Hostname); err != nil {