From 5cfc06fae750e7222f0839a48b152c4f9da1633c Mon Sep 17 00:00:00 2001 From: Serge Hallyn Date: Fri, 2 May 2014 11:35:10 -0500 Subject: [PATCH] cgfs: don't mount /sys/fs/cgroup readonly MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit /sys/fs/cgroup is just a size-limited tmpfs, and making it ro does nothing to affect our ability alter mount settings of its subdirs. OTOH making it ro can upset mountall in the container which tries to remount it rw, which may be refused. So just don't do it. Signed-off-by: Serge Hallyn Cc: Christian Seiler Acked-by: Stéphane Graber --- src/lxc/cgfs.c | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/src/lxc/cgfs.c b/src/lxc/cgfs.c index db2a973ce2..ba7df895ad 100644 --- a/src/lxc/cgfs.c +++ b/src/lxc/cgfs.c @@ -1413,14 +1413,6 @@ static bool cgroupfs_mount_cgroup(void *hdata, const char *root, int type) SYSERROR("error bind-mounting %s to %s", mp->mount_point, abs_path); goto out_error; } - /* main cgroup path should be read-only */ - if (type == LXC_AUTO_CGROUP_FULL_RO || type == LXC_AUTO_CGROUP_FULL_MIXED) { - r = mount(NULL, abs_path, NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL); - if (r < 0) { - SYSERROR("error re-mounting %s readonly", abs_path); - goto out_error; - } - } /* own cgroup should be read-write */ if (type == LXC_AUTO_CGROUP_FULL_MIXED) { r = mount(abs_path2, abs_path2, NULL, MS_BIND, NULL); @@ -1487,14 +1479,6 @@ static bool cgroupfs_mount_cgroup(void *hdata, const char *root, int type) parts = NULL; } - /* try to remount the tmpfs readonly, since the container shouldn't - * change anything (this will also make sure that trying to create - * new cgroups outside the allowed area fails with an error instead - * of simply causing this to create directories in the tmpfs itself) - */ - if (type != LXC_AUTO_CGROUP_RW && type != LXC_AUTO_CGROUP_FULL_RW) - mount(NULL, path, NULL, MS_REMOUNT|MS_RDONLY, NULL); - free(path); return true;