Skip to content

Commit

Permalink
Make the temp mount as ready only in container WithVolumes
Browse files Browse the repository at this point in the history 
Signed-off-by: Qiutong Song <songqt01@gmail.com>
(cherry picked from commit ec90efb)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
  • Loading branch information
@qiutongs @thaJeztah
qiutongs authored and thaJeztah committed Mar 24, 2022
1 parent 3df54a8 commit 05b04a1
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions pkg/cri/opts/container.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,12 @@ func WithVolumes(volumeMounts map[string]string) containerd.NewContainerOpts {
if err != nil {
return err
}
// Since only read is needed, append ReadOnly mount option to prevent linux kernel
// from syncing whole filesystem in umount syscall.
if len(mounts) == 1 && mounts[0].Type == "overlay" {
mounts[0].Options = append(mounts[0].Options, "ro")
}

root, err := ioutil.TempDir("", "ctd-volume")
if err != nil {
return err
Expand Down

0 comments on commit 05b04a1

Please sign in to comment.