cgfs: don't mount /sys/fs/cgroup readonly

/sys/fs/cgroup is just a size-limited tmpfs, and making it ro does
nothing to affect our ability alter mount settings of its subdirs.
OTOH making it ro can upset mountall in the container which tries
to remount it rw, which may be refused.

So just don't do it.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Cc: Christian Seiler <christian@iwakd.de>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

src/lxc/cgfs.c

@@ -1413,14 +1413,6 @@ static bool cgroupfs_mount_cgroup(void *hdata, const char *root, int type)
 				SYSERROR("error bind-mounting %s to %s", mp->mount_point, abs_path);
 				goto out_error;
 			}
-			/* main cgroup path should be read-only */
-			if (type == LXC_AUTO_CGROUP_FULL_RO || type == LXC_AUTO_CGROUP_FULL_MIXED) {
-				r = mount(NULL, abs_path, NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL);
-				if (r < 0) {
-					SYSERROR("error re-mounting %s readonly", abs_path);
-					goto out_error;
-				}
-			}
 			/* own cgroup should be read-write */
 			if (type == LXC_AUTO_CGROUP_FULL_MIXED) {
 				r = mount(abs_path2, abs_path2, NULL, MS_BIND, NULL);
@@ -1487,14 +1479,6 @@ static bool cgroupfs_mount_cgroup(void *hdata, const char *root, int type)
 		parts = NULL;
 	}
 
-	/* try to remount the tmpfs readonly, since the container shouldn't
-	 * change anything (this will also make sure that trying to create
-	 * new cgroups outside the allowed area fails with an error instead
-	 * of simply causing this to create directories in the tmpfs itself)
-	 */
-	if (type != LXC_AUTO_CGROUP_RW && type != LXC_AUTO_CGROUP_FULL_RW)
-		mount(NULL, path, NULL, MS_REMOUNT|MS_RDONLY, NULL);
-
 	free(path);
 
 	return true;