cgfs: don't mount /sys/fs/cgroup readonly

/sys/fs/cgroup is just a size-limited tmpfs, and making it ro does nothing to affect our ability alter mount settings of its subdirs. OTOH making it ro can upset mountall in the container which tries to remount it rw, which may be refused. So just don't do it. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Cc: Christian Seiler <christian@iwakd.de> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

cgfs: don't mount /sys/fs/cgroup readonly
8d783edc · Serge Hallyn · Stéphane Graber · b9abc183 · 8d783edc
Commit 8d783edc authored May 02, 2014 by Serge Hallyn Committed by Stéphane Graber May 02, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 0 additions and 16 deletions

cgfs.c src/lxc/cgfs.c +0 -16

No files found.
--- a/src/lxc/cgfs.c
+++ b/src/lxc/cgfs.c
@@ -1413,14 +1413,6 @@ static bool cgroupfs_mount_cgroup(void *hdata, const char *root, int type)
 				SYSERROR("error bind-mounting %s to %s", mp->mount_point, abs_path);
 				goto out_error;
 			}
-			/* main cgroup path should be read-only */
-			if (type == LXC_AUTO_CGROUP_FULL_RO || type == LXC_AUTO_CGROUP_FULL_MIXED) {
-				r = mount(NULL, abs_path, NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL);
-				if (r < 0) {
-					SYSERROR("error re-mounting %s readonly", abs_path);
-					goto out_error;
-				}
-			}
 			/* own cgroup should be read-write */
 			if (type == LXC_AUTO_CGROUP_FULL_MIXED) {
 				r = mount(abs_path2, abs_path2, NULL, MS_BIND, NULL);
@@ -1487,14 +1479,6 @@ static bool cgroupfs_mount_cgroup(void *hdata, const char *root, int type)
 		parts = NULL;
 	}
-	/* try to remount the tmpfs readonly, since the container shouldn't
-	 * change anything (this will also make sure that trying to create
-	 * new cgroups outside the allowed area fails with an error instead
-	 * of simply causing this to create directories in the tmpfs itself)
-	 */
-	if (type != LXC_AUTO_CGROUP_RW && type != LXC_AUTO_CGROUP_FULL_RW)
-		mount(NULL, path, NULL, MS_REMOUNT|MS_RDONLY, NULL);
 	free(path);
 	return true;