vbatts/pkg
1
0
Fork 0
Code Pull requests Releases Activity

Merge pull request #5903 from alexlarsson/writable-proc

Browse source 
Make /proc writable, but not /proc/sys and /proc/sysrq-trigger
This commit is contained in:
Victor Marmol 2014-05-19 12:21:15 -07:00
commit c6e60b57a2
2 changed files with 21 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
libcontainer/nsinit/init.go
View file

@ -81,7 +81,7 @@ func Init(container *libcontainer.Container, uncleanRootfs, consolePath string,
return fmt.Errorf("set process label %s", err)
}
if container.Context["restrictions"] != "" {
if err := restrict.Restrict("proc", "sys"); err != nil {
if err := restrict.Restrict("proc/sys", "proc/sysrq-trigger", "proc/irq", "proc/bus", "sys"); err != nil {
return err
}
}