The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/distrobuilder/pull/290
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Thomas Hipp <thomas.h...@canonical.com>
From 0104864f8a6bfcbfea9d991697ac52c12c58eaf9 Mon Sep 17 00:00:00 2001
From: Thomas Hipp <thomas.h...@canonical.com>
Date: Mon, 24 Feb 2020 14:20:29 +0100
Subject: [PATCH] shared/chroot: Make /dev/fuse read-only
Signed-off-by: Thomas Hipp <thomas.h...@canonical.com>
---
 shared/chroot.go | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/shared/chroot.go b/shared/chroot.go
index e44703e..6b27b01 100644
--- a/shared/chroot.go
+++ b/shared/chroot.go
@@ -57,6 +57,14 @@ func setupMounts(rootfs string, mounts []ChrootMount) error {
 }
 }
+ // Make sure /dev/fuse is read-only
+ if lxd.PathExists("/dev/fuse") {
+ err = unix.Mount("", "/dev/fuse", "", unix.MS_REMOUNT|unix.MS_BIND|unix.MS_RDONLY, "")
+ if err != nil {
+ return errors.Wrap(err, "Failed to mount '/dev/fuse' read-only")
+ }
+ }
+
 return nil
 }
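Review bot: The remount in the added block targets the absolute path `/dev/fuse` instead of a path built from `rootfs`, so if setupMounts runs before the chroot is entered (its call site and the start of its body are outside the hunk) it alters the calling environment's mount rather than the image's. `lxd.PathExists` only shows that the node exists, while `MS_REMOUNT|MS_BIND` needs `/dev/fuse` to be a mount point of its own; where it is a plain device node the call is expected to fail with EINVAL, and the `return errors.Wrap(...)` then aborts the whole setup. Either guard on it being a mount point or state the assumption above the block, e.g. `// /dev/fuse is the caller's node, not rootfs/dev/fuse; the remount assumes it is a separate bind mount`. It is also worth confirming that the flag achieves the goal, since a read-only mount generally does not stop a device node from being opened for writing, and that the change is reverted on teardown or confined to a private mount namespace.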